system administrators
=======
CiscoWorks Common Services for Microsoft Windows contains a
vulnerability that could allow an authenticated, remote attacker to
execute arbitrary commands on the affected system with the privileges
of a system administrator.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds that mitigate this vulnerability.
===========
CTL Provider Related Vulnerabilities
To mitigate against the CTL Provider service vulnerabilities
(CSCsj80609 and CSCsi98433), system administrators can disable the
CTL Provider service if it is not needed. Access to the CTL Provider
Service is usually only required during the initial configuration of
Cisco Unified Communications Manager authentication and encryption
features. The CTL Provider service is controlled via the Cisco CTL
Provider menu selection.
Overview:
1. Vendor description of software
------------------------------------------------
An SSH2 and FTP server for Microsoft Windows® that enables system administrators to support multiple protocol access to user accounts. FTPS, SFTP, and HTTPS based file transfers are supported in addition to FTP, Telnet, and Secure Shell access. Sysax Multi Server lets system administrators authenticate users using existing Windows user accounts or by creating custom accounts, or a combination of both methods. A convenient web browser based administration interface makes it easy to monitor the status of the server remotely. It is easy to install and does not require advanced IT skills to manage.
2. Vulnerability details
------------------------------------------------
Several denial-of-service vulnerabilities exist in the SFTP module of Sysax Multi Server. The unsafe commands include "open", "unlink", "mkdir", etc., which cannot handle overlength strings properly.
Once you are logged on to the server, the following steps crash Sysax Multi Server, resulting in a denial of service:
=======
CiscoWorks Common Services for both Oracle Solaris and Microsoft
Windows contains a vulnerability that could allow a remote
unauthenticated attacker to execute arbitrary code on a host device
with privileges of a system administrator.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds that mitigate this vulnerability.
* User accounts that are defined on external identity stores such
as a Lightweight Directory Access Protocol (LDAP) server, a
Microsoft Active Directory server, an RSA SecurID server, or an
external RADIUS server
* System administrator accounts for the Cisco Secure ACS server
itself that have been configured through the web-based interface
* User accounts for the Cisco Secure ACS server itself that have
been configured through the "username <username> password <password>"
CLI command
privileges and execute arbitrary code with root privileges.
Background
==========
sudo allows a system administrator to give users the ability to run
commands as other users.
Affected packages
=================
username: '
password: test
An unrecoverable error has occurred.
Please report this message to your system administrator.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1
Exit
©2006 Trivantis Corporation. Trivantis and CourseMill are registered trademarks of Trivantis. All Rights Reserved.
EXPLOITATION:
== Description ==
Open Computer and Software (OCS) Inventory Next Generation (NG) is an
application designed to help a network or system administrator keep track
of the computers' configuration and software that are installed on the network.
The vulnerability is a SQL injection in the header.php file.
An attacker could pass a crafted SQL string that can be used to create or modify
information stored in the database, or to authenticate as any user.
: you can saw the letter which was posted last week by one developer of
: one such vulnerable web application ---
from my reading of that exchange, i "thought" the author a 'system
administrator', rather THAN, the programmer of the flawed application.
from my experience, a sysadmin seldom enjoys the freedom programmers
enjoy.
: it's only way to draw attention of web developers to these issues.
lib32 (i386 compatibility) libraries. On amd64 systems where the i386
compatibility libraries are used, the operating system should instead
be recompiled as described in
<URL:http://www.FreeBSD.org/handbook/makeworld.html>
NOTE: System administrators may wish to rebuild any system database files
which were created prior to applying this patch in case they contain
sensitive information.
VI. Correction details
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
h. Service Console package sudo updated to 1.6.9p17-6.el5_4
Sudo (su "do") allows a system administrator to delegate authority
to give certain users (or groups of users) the ability to run some
(or all) commands as root or another user while providing an audit
trail of the commands and their arguments.
When a pseudo-command is enabled, sudo permits a match between the
restrict which systems can send NTP packets to ntpd(8).
Note that systems will only be affected if they have the "autokey" option
set in /etc/ntp.conf; FreeBSD does not ship with a default ntp.conf file,
so will not be affected unless this option has been explicitly enabled by
the system administrator.
V. Solution
Perform one of the following:
arbitrary commands.
Background
==========
sudo allows a system administrator to give users the ability to run
commands as other users.
Affected packages
=================
access.
IV. Workaround
No workaround is available, but systems without untrusted local users
are not vulnerable. System administrators are reminded that even if a
system is not intended to have untrusted local users, it may be possible
for an attacker to exploit some other vulnerability to obtain local user
access to a system.
V. Solution
Info
----
Open Computer and Software (OCS) Inventory Next Generation (NG) is an
application designed to help a network or system administrator keep track
of the computers' configuration and software that are installed on the network.
Details
-------
I recently audited this code [1], and found a few interesting race conditions
and symlink attacks that allow for very minor information leakage. I thought
I'd share my findings because I enjoyed exploiting these issues and they don't
pose any significant risk to live systems - in other words, this advisory is
intended for system administrators and developers of FreeBSD-based systems;
journalists, end users and other non-technical readers do not need to be
concerned. :p
OpenBSD and NetBSD are not affected. Nor is Debian/Ubuntu cron, which is based
on vixie-cron 3.0, or Red Hat/Fedora cronie, which is a fork off ISC Cron (aka
Microsoft Windows computer system using any method, they can either
leave behind a regular user or hijack a known user account (Such as
ASPNET). This user account will now have all of the rights of the
built-in local administrator account from local or remote connections.
The user will also share the Administrator's desktop and profile. When
inspected by system administrators, the regular user always looks like
it is just part of the built-in user's group. The attacker can also
make the regular user account hard to detect by creating a user with
the username of "ALT-0160", for blank space. Events in the audit log
pertaining to the hidden account will be created if the system
administrator has enabled auditing, but the user name fields are all
> > Microsoft Windows computer system using any method, they can either
> > leave behind a regular user or hijack a known user account (Such as
> > ASPNET). This user account will now have all of the rights of the
> > built-in local administrator account from local or remote connections.
> > The user will also share the Administrator's desktop and profile. When
> > inspected by system administrators, the regular user always looks like
> > it is just part of the built-in user's group. The attacker can also
> > make the regular user account hard to detect by creating a user with
> > the username of "ALT-0160", for blank space. Events in the audit log
> > pertaining to the hidden account will be created if the system
> > administrator has enabled auditing, but the user name fields are all
attackers to obtain plaintext HTTP traffic via a blockwise
chosen-boundary attack (BCBA) on an HTTPS session. Technically this is
no lighttpd vulnerability. However, lighttpd offers a workaround to
mitigate this problem by providing a possibility to disable CBC ciphers.
This update includes this option by default. System administrators
are advised to read the NEWS file of this update (as this may break older
clients).
For the oldstable distribution (lenny), this problem has been fixed in
Title: Multiple Security Bugs In Hosting Controller
Critical: Extremely critical
Impact: Full system administrator access
Vendor: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Vendor URL: www.hostingcontroller.com
Solution: N/A From company - There is temporary solution in this report
Exploit: Available
Release Date: 2007 - December
Credit: www.BugReport.ir
services by default (you can enable UDP filtering in the Advanced
settings). So no change here from the status quo.
--
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery@kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon university KF8NH
# sysctl vfs.usermount=0
Note that the default value of this variable is zero, i.e., FreeBSD is not
affected by this vulnerability in its default configuration, and FreeBSD
system administrators are strongly encouraged not to change this setting.
V. Solution
NOTE WELL: Even with this fix allowing users to mount arbitrary media
should not be considered safe. Most of the file systems in FreeBSD were
motivations of the attackers. This can only be achieved by getting
access to large-scale, real-world data, and by designing techniques to
mine relevant knowledge out of it.
This workshop aims at bringing together people (e.g., researchers,
practitioners, system administrators, system programmers) active in
the emerging domain of security-related data collection and
analysis. By giving visibility to existing solutions, we expect that
the workshop will promote and encourage the better sharing of data and
knowledge.
===============
From vendor's website:
"The Powerful Management Console of eScan provides options for system
administrators to remotely administer a vast network of clients. It
also allows them to remotely install eScan, deploy upgrades and updates
and enforce an Integrated Security Policy for the entire Enterprise."
#######################################################################
"Metasploit continues to be an indispensable and reliable penetration
testing framework for our modern era", says C. Wilson, a security
engineer who uses Metasploit in his daily work. Metasploit is used by
network security professionals to perform penetration tests, system
administrators to verify patch installations, product vendors to
perform regression testing, and security researchers world-wide. The
framework is written in the Ruby programming language and includes
components written in C and assembler.
Metasploit runs on all modern operating systems, including Linux,
credit card numbers. The potential danger of WPAD depends on two factors: default
configuration and weak awareness among users.
In this article we discuss the WPAD architecture and how it functions in home
and corporate networks, present real examples of attacks, and give recommendations that
help ordinary users and system administrators reduce the consequences of an attack.
Whitepaper:
http://www.securitylab.ru/_download/articles/wpad_weakness_en.pdf
A vulnerability in sudo may allow for privilege escalation.
Background
==========
sudo allows a system administrator to give users the ability to run
commands as other users.
Affected packages
=================
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
The jail(2) system call allows a system administrator to lock a process
and all of its descendants inside an environment with a very limited
ability to affect the system outside that environment, even for
processes with superuser privileges. It is an extension of, but
far more powerful than, the traditional UNIX chroot(2) system call.
- Details
PacerCMS is susceptible to both persistent cross-site scripting and
SQL injection attacks. An attacker could use the public
'Write a Letter' (submit.php) form to send a message to the System
Administrator or staff member containing JavaScript. The name,
headline, or text POST variables are not sufficiently sanitized.
The system administrator of the CMS sees a list of submitted
messages on siteadmin/index.php right after logging in. If an
attacker sends a message containing JavaScript in the name or