
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities

Vulnerable Products
+------------------

Cisco devices that are running Cisco IOS Software are vulnerable when
they are configured for NAT and contain support for one or more of
the following features:

  * NetMeeting Directory NAT (LDAP on TCP port 389)
  * NAT for Session Initiation Protocol (SIP)
  * NAT for H.323

Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities

Vulnerable Products
+------------------

Cisco devices running Cisco IOS Software that are configured for NAT
and that support NAT for SIP, H.323, or H.225.0 call signaling for
H.323 packets are affected.

To verify whether NAT is enabled on a Cisco IOS device, log in to the
device and issue the "show ip nat statistics" command. The following
example shows a device that is configured with NAT:

Cisco Security Advisory: Cisco IOS Software Data-Link Switching Vulnerability

The following example shows output from a device running IOS version
15.0(1)M1:

    Router> show version
    Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Wed 02-Dec-09 17:17 by prod_rel_team

Additional information about Cisco IOS Software release naming
conventions is available in the white paper Cisco IOS and NX-OS

Cisco Security Advisory: Cisco IOS Software IPsec Vulnerability

C2500-IS-L:

    Router#show version
    Cisco Internetwork Operating System Software
    IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by cisco Systems, Inc.
    Compiled Mon 17-Mar-08 14:39 by dchih
    
    !--- output truncated


Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

C2500-IS-L:

    Router# show version
    Cisco Internetwork Operating System Software
    IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by cisco Systems, Inc.
    Compiled Mon 17-Mar-08 14:39 by dchih

    !--- output truncated


Cisco Security Advisory: Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability

    Cisco IOS Software Release 12.4(20)T with an installed image name
    of C1841-ADVENTERPRISEK9-M:

        Router#show version
        Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3)
        Technical Support: http://www.cisco.com/techsupport
        Copyright (c) 1986-2008 by Cisco Systems, Inc.
        Compiled Thu 10-Jul-08 20:25 by prod_rel_team

    Additional information about Cisco IOS Software release naming
    conventions is available in White Paper: Cisco IOS and NX-OS

Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

Cisco IOS Software Release 15.0(1)M1 with an installed image name of
C3900-UNIVERSALK9-M:

    Router> show version
    Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Wed 02-Dec-09 17:17 by prod_rel_team

    !--- output truncated


Cisco Security Advisory: Cisco IOS Software IPv6 Denial of Service Vulnerability

that is running Cisco IOS Software and that has IPv6 enabled will
show some interfaces with assigned IPv6 addresses when the "show ipv6
interface brief" command is executed.

The "show ipv6 interface brief" command will produce an error message
if the version of Cisco IOS Software in use does not support IPv6, or
will not show any interfaces with IPv6 addresses if IPv6 is disabled.
The system is not vulnerable in these scenarios.

Sample output of the "show ipv6 interface brief" command on a system
that is configured for IPv6 operation follows:

Cisco Security Advisory: Cisco IOS Software IPv6 over MPLS Vulnerabilities

Cisco IOS Software Release 15.0(1)M1 with an installed image name of
C3900-UNIVERSALK9-M:

    Router> show version
    Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Wed 02-Dec-09 17:17 by prod_rel_team


    !--- output truncated

Cisco Security Advisory: Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities

Cisco IOS Software Release 15.0(1)M1 with an installed image name of
C3900-UNIVERSALK9-M:

    Router> show version
    Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Wed 02-Dec-09 17:17 by prod_rel_team

    !--- output truncated


Cisco Security Advisory: Cisco 10000 Series Denial of Service Vulnerability

Cisco IOS Software Release 15.0(1)M1 with an installed image name of
C3900-UNIVERSALK9-M:

    Router> show version
    Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Wed 02-Dec-09 17:17 by prod_rel_team

    !--- output truncated


Cisco Security Advisory: Cisco IOS Software Smart Install Remote Code Execution Vulnerability

Cisco IOS Software Release 15.0(1)M1 with an installed image name of
C3900-UNIVERSALK9-M:

    Router> show version
    Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Wed 02-Dec-09 17:17 by prod_rel_team

    !--- output truncated


Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

C2500-IS-L:

    Router#show version
    Cisco Internetwork Operating System Software
    IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by cisco Systems, Inc.
    Compiled Mon 17-Mar-08 14:39 by dchih
    
    !--- output truncated


Cisco Security Advisory: Cisco IOS Software NAT Skinny Call Control Protocol Vulnerability

Summary
=======

Skinny Client Control Protocol (SCCP) crafted messages may cause a
Cisco IOS device that is configured with the Network Address
Translation (NAT) SCCP Fragmentation Support feature to reload.

Cisco has released free software updates that address this
vulnerability. A workaround that mitigates this vulnerability is
available.


Cisco Security Advisory: Cisco IOS Software H.323 Denial of Service Vulnerability

C2500-IS-L:

    Router#show version
    Cisco Internetwork Operating System Software
    IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by cisco Systems, Inc.
    Compiled Mon 17-Mar-08 14:39 by dchih
    
    
    !--- output truncated

Cisco Security Advisory: Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities

For Public Release 2009 July 29 1600 UTC (GMT)

Summary
=======

Recent versions of Cisco IOS Software support RFC4893 ("BGP Support
for Four-octet AS Number Space") and contain two remote denial of
service (DoS) vulnerabilities when handling specific Border Gateway
Protocol (BGP) updates.

These vulnerabilities affect only devices running Cisco IOS Software

Metasploit Framework 3.3 Released

We are excited to announce the immediate availability of version 3.3 of
the Metasploit Framework. This release includes 446 exploits, 216
auxiliary modules, and hundreds of payloads, including an in-memory VNC
service and the Meterpreter. In addition, the Windows payloads now
support NX, DEP, IPv6, and the Windows 7 platform. More than 180 bugs
were fixed since last year’s release of version 3.2, making this one of
the more well-tested releases yet.

- http://www.metasploit.com/framework/download/


Cisco Security Advisory: CiscoWorks Common Services Arbitrary Command Execution Vulnerability

    | 4.0.1 on Microsoft Windows         | 4.0.1                    |
    +---------------------------------------------------------------+

    Note: CiscoWorks LAN Management Solution versions prior to 3.2
    reached end of software maintenance. Customers should contact
    their Cisco support team for assistance in upgrading to a
    supported version of CiscoWorks LAN Management Solution.

  * Cisco Security Manager

    +---------------------------------------------------------------+

[SECURITY] [DSA 2668-1] linux-2.6 security update

    processed.

CVE-2012-4461

    Jon Howell reported a denial of service issue in the KVM subsystem.
    On systems that do not support the XSAVE feature, local users with
    access to the /dev/kvm interface can cause a system crash.

CVE-2012-4508

    Dmitry Monakhov and Theodore Ts'o reported a race condition in the ext4

OpenLimit Reader for Windows contains completely outdated, superfluous and VULNERABLE system components

      Fortunately some wise guy but missed to time-stamp the signed files,
      Windows treats the signature as invalid since 2012-05-27T00:00:00Z.-P


According to its manufacturer, this application supports Windows 2000
and later versions.

The self-extracting setup program "OLReader2502_DE.exe" extracts the
following 3rd party files (ALL are updates/installers from Microsoft)
into "%TEMP%\SignCubesInstall":

Cisco Security Advisory: Cisco IOS Software Network Time Protocol Packet Vulnerability

+---------------------------------------------------------------------

Summary
=======

Cisco IOS® Software with support for Network Time Protocol (NTP)
version (v4) contains a vulnerability processing specific NTP packets
that will result in a reload of the device. This results in a remote
denial of service (DoS) condition on the affected device.

Cisco has released free software updates that address this

Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Vulnerability

advisory for the details of affected releases.

Only devices that are configured with Cisco IOS Zone-Based Policy
Firewall SIP inspection (UDP port 5060, TCP ports 5060, and 5061) are
vulnerable. Cisco IOS devices that are configured with legacy Cisco
IOS Firewall Support for SIP (context-based access control (CBAC))
are not vulnerable.

Vulnerable Products
+------------------


Cisco Security Advisory: Cisco IOS NAT Skinny Call Control Protocol Vulnerability

Summary
=======

A series of segmented Skinny Call Control Protocol (SCCP) messages
may cause a Cisco IOS device that is configured with the Network
Address Translation (NAT) SCCP Fragmentation Support feature to
reload.

Cisco has released free software updates that address this
vulnerability. A workaround that mitigates this vulnerability is
available.

[security bulletin] HPSBMA02417 SSRT090031 rev.2 - HP Data Protector Express and HP Data Protector Express Single Server

Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01697543
Version: 2

HPSBMA02417 SSRT090031 rev.2 - HP Data Protector Express and HP Data Protector Express Single Server

Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

On http://support.microsoft.com/gp/lifepolicy MS says that the
"Extended Support Phase" includes "Security Update Support". If I have
a Premier Support contract (which entitles me to Extended Support)
aren't MS contractually obliged to make this fix available to me?


2009/9/16 Aras "Russ" Memisyazici <nowhere@devnull.com>:
> :)
>
> Thank you all for your valuable comments... Indeed I appreciated some of the

[security bulletin] HPSBMA02417 SSRT090031 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01697543
Version: 1

HPSBMA02417 SSRT090031 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code


[security bulletin] HPSBMA02326 SSRT071490 rev.1 - HP Instant Support HPISDataManager.dll Running on Windows, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01422264
Version: 1

HPSBMA02326 SSRT071490 rev.1 - HP Instant Support HPISDataManager.dll Running on Windows, Remote Execution of Arbitrary Code


[security bulletin] HPSBMA02576 SSRT090231 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02498535
Version: 1

HPSBMA02576 SSRT090231 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code


Cisco Security Advisory: Cisco IOS SSL VPN Vulnerability

The following methods may be used to confirm if the device is
configured for Cisco IOS SSL VPNs and is vulnerable:

If the output from "show running-config | include webvpn" contains
"webvpn gateway <word>" then the device is supporting the Cisco IOS
SSL VPN feature. A device is vulnerable if it has the "inservice"
command in at least one of the "webvpn gateway" sections and is
configured for HTTP port redirection. The following example shows a
vulnerable device configured with Cisco IOS SSL VPN:


[security bulletin] HPSBMA02661 SSRT100408 rev.1 - HP Proliant Support Pack (PSP) Running on Linux and Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02735590
Version: 1

HPSBMA02661 SSRT100408 rev.1 - HP Proliant Support Pack (PSP) Running on Linux and Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure



Copyright © 1995-2013 LinuxRocket.net. All rights reserved.
