VARIoT IoT vulnerabilities database

The SAP Crystal Reports Server ActiveX control is prone to multiple insecure-method vulnerabilities. Successful exploits will compromise affected computers or cause denial-of-service conditions; other attacks are possible. SAP Crystal Reports Server 2008 is vulnerable.

Buffer overflow in the web-based management interface on the Cisco Linksys WRT54GC router with firmware before 1.06.1 allows remote attackers to cause a denial of service (device crash) via a long string in a POST request. Cisco Linksys WRT54GC provided by Cisco Systems contains a buffer overflow vulnerability. Cisco Linksys WRT54GC provided by Cisco Systems is a network router. Cisco Linksys WRT54GC contains a buffer overflow vulnerability. Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.When processing a specially crafted HTTP request, the router may crash resulting in a denial-of-service (DoS). The Linksys WRT54GC is prone to a remote buffer-overflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Failed exploit attempts will result in a denial-of-service condition. Linksys WRT54GC firmware versions prior to 1.06.1 are vulnerable. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linksys WRT54GC Web Management Interface Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43017 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43017/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43017 RELEASE DATE: 2011-01-21 DISCUSS ADVISORY: http://secunia.com/advisories/43017/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43017/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43017 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Linksys WRT54GC, which can be exploited by malicious people to compromise a vulnerable system. SOLUTION: Update to firmware version 1.06.1. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Yuji Ukai, Fourteenforty Research Institute. ORIGINAL ADVISORY: http://tools.cisco.com/security/center/viewAlert.x?alertId=22228 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Oracle has released advance notification regarding the January 2011 Critical Patch Update (CPU) to be released on January 18, 2011. The update addresses 66 vulnerabilities affecting the following software: Oracle Database Server Oracle Secure Backup Oracle Fusion Middleware Oracle Enterprise Manager Grid Control Oracle Solaris products Oracle Applications Oracle Supply Chain Products Suite Oracle PeopleSoft and JDEdwards Suite Oracle Industry Applications Oracle Sun Products Oracle Open Office Suite Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. This BID is being retired. The following individual records exist to better document these issues: 34083 Sun Java System Communications Express Multiple HTML Injection Vulnerabilities 40235 MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability 42202 OpenOffice Impress File Multiple Buffer Overflow Vulnerabilities 42637 Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability 43819 GNU libc glob(3) 'GLOB_LIMIT' Remote Denial of Service Vulnerability 43965 Oracle Java SE and Java for Business CVE-2010-3571 ICC Profile Vulnerability 43971 Oracle Java SE and Java for Business CVE-2010-3556 Remote 2D Vulnerability 43979 Oracle Java SE and Java for Business CVE-2010-3562 Remote 2D Vulnerability 43985 Oracle Java SE and Java for Business CVE-2010-3565 JPEGImageWriter.writeImage Vulnerability 43988 Oracle Java SE and Java for Business CVE-2010-3566 ICC Profile Vulnerability 43992 Oracle Java SE and Java for Business CVE-2010-3567 Remote 2D Vulnerability 43994 Oracle Java SE and Java for Business CVE-2010-3554 Remote CORBA Vulnerability 44009 Oracle Java SE and Java for Business CVE-2010-3551 Remote Networking Vulnerability 44011 Oracle Java SE and Java for Business CVE-2010-3574 Remote Networking Vulnerability 44012 Oracle Java SE and Java for Business CVE-2010-3568 Remote Java Runtime Environment Vulnerability 44013 Oracle Java SE and Java for Business CVE-2010-3561 Remote CORBA Vulnerability 44014 Oracle Java SE and Java for Business CVE-2010-3557 Remote Swing Vulnerability 44016 Oracle Java SE and Java for Business 'defaultReadObject' Remote Code Execution Vulnerability 44017 Oracle Java SE and Java for Business CVE-2010-3548 Remote JNDI Vulnerability 44026 Oracle Java SE and Java for Business CVE-2010-3559 HeadspaceSoundbank.nGetName Vulnerability 44027 Oracle Java SE and Java for Business CVE-2010-3549 HTTP Response Splitting Vulnerability 44028 Oracle Java SE and Java for Business CVE-2010-3573 Same Origin Bypass Vulnerability 44030 Oracle Java SE and Java for Business CVE-2010-3572 Remote Sound Vulnerability 44032 Oracle Java SE and Java for Business CVE-2010-3541 Remote Networking Vulnerability 44035 Oracle Java SE and Java for Business CVE-2010-3553 Remote Swing Vulnerability 44038 Oracle Java SE and Java for Business CVE-2010-3555 Remote ActiveX Plug-in Vulnerability 45844 Oracle Audit Vault CVE-2010-4449 Remote Code Execution Vulnerability 45845 Oracle Database Server CVE-2010-4413 Remote Scheduler Agent Vulnerability 45846 Oracle Document Capture CVE-2010-3598 Remote Vulnerability 45847 Oracle WebLogic Server CVE-2010-3510 Remote Security Vulnerability 45848 Oracle Fusion Middleware CVE-2010-4455 Remote Oracle HTTP Server Vulnerability 45849 Oracle Document Capture CVE-2010-3595 Remote Vulnerability 45850 Oracle Secure Backup CVE-2010-3596 Remote mod_ssl Vulnerability 45851 Oracle Document Capture CVE-2010-3591 Remote Vulnerability 45852 Oracle Fusion Middleware CVE-2010-4437 Remote Oracle WebLogic Server Vulnerability 45853 Oracle Solaris CVE-2010-4435 Remote CDE Calendar Manager Service Daemon Vulnerability 45854 Oracle Fusion Middleware CVE-2010-4417 Beehive Remote Code Execution Vulnerability 45855 Oracle Database Server CVE-2010-4420 Local Database Vault Vulnerability 45856 Oracle Document Capture CVE-2010-3599 Remote Vulnerability 45857 Oracle PeopleSoft Enterprise HRMS CVE-2010-4461 Remote Vulnerability 45858 Oracle Fusion Middleware CVE-2010-3588 Remote Oracle Discoverer Vulnerability 45859 Oracle Cluster Verify Utility CVE-2010-4423 Local Vulnerability 45860 Oracle Supply Chain Product CVE-2010-4429 Remote Security Vulnerability 45861 Oracle Application Object Library CVE-2010-3589 Remote Security Vulnerability 45862 Oracle PeopleSoft Enterprise PeopleTools CVE-2010-4424 Remote Vulnerability 45863 Oracle PeopleSoft Enterprise HRMS CVE-2010-4430 Remote Vulnerability 45864 Oracle Solaris 11 Express CVE-2010-4457 Remote CIFS Vulnerability 45865 Oracle PeopleSoft CVE-2010-4418 Remote Enterprise PeopleTools Vulnerability 45866 Oracle PeopleSoft Enterprise HRMS CVE-2010-4439 Remote Vulnerability 45867 Oracle PeopleSoft Enterprise PeopleTools CVE-2010-4426 Remote Vulnerability 45868 Oracle Fusion Middleware CVE-2010-4416 Remote Oracle GoldenGate Veridata Vulnerability 45869 Oracle PeopleSoft Enterprise HRMS CVE-2010-4445 Remote Vulnerability 45870 Oracle E-Business Suite CVE-2010-3587 Common Applications Component Remote Vulnerability 45871 Oracle Document Capture CVE-2010-3592 Remote Vulnerability 45872 Oracle Supply Chain Product CVE-2010-3505 Remote Security Vulnerability 45873 Oracle PeopleSoft Enterprise HRMS CVE-2010-4428 Remote Vulnerability 45874 Oracle Enterprise Manager Real User Experience Insight (RUEI) SQL Injection Vulnerability 45875 Oracle Transportation Manager CVE-2010-4432 Remote Security Vulnerability 45876 Oracle VM VirtualBox CVE-2010-4414 Local Extensions Vulnerability 45877 Oracle Fusion Middleware CVE-2010-4453 Remote Oracle WebLogic Server Vulnerability 45878 Oracle Solaris CVE-2010-4459 Local Vulnerability 45879 Oracle PeopleSoft CVE-2010-4419 Remote Enterprise CRM Vulnerability 45880 Oracle Spatial CVE-2010-3590 Remote Security Vulnerability 45881 Oracle PeopleSoft CVE-2010-4441 Remote Enterprise HRMS Vulnerability 45883 Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability 45884 Oracle OpenSSO and Java SAM CVE-2010-4444 Remote Vulnerability 45885 Oracle SunMC CVE-2010-4436 Remote Vulnerability 45886 Oracle Solaris CVE-2010-4443 Local Solaris Vulnerability 45887 Oracle Sun Convergence CVE-2010-4464 Remote Vulnerability 45888 Oracle Sun Solaris CVE-2010-4440 Local Security Vulnerability 45889 Oracle Solaris CVE-2010-4458 Local Solaris Vulnerability 45890 Oracle Sun GlassFish and Message Queue CVE-2010-4438 Local Security Vulnerability 45891 Oracle Solaris CVE-2010-4442 Local Kernel Vulnerability 45892 Oracle Sun Solaris CVE-2010-4446 Local Security Vulnerability 45893 Oracle Sun Solaris 10 CVE-2010-4433 Remote Security Vulnerability 45895 Oracle Solaris CVE-2010-4460 Local Solaris Vulnerability 45896 Oracle Sun Java System Communications Express CVE-2010-4456 Remote Web Mail Vulnerability 45897 Oracle BI Publisher CVE-2010-4425 Remote Security Vulnerability 45898 Oracle Sun Java System Portal Server CVE-2010-4431 Local Security Vulnerability 45899 Oracle PeopleSoft CVE-2010-4434 Remote Enterprise PeopleTools Vulnerability 45900 Oracle BI Publisher CVE-2010-4427 Remote Security Vulnerability 45901 Oracle Outside In Technology CVE-2010-3597 Local Security Vulnerability 45902 Oracle CVE-2010-3593 Remote Health Sciences - Oracle Argus Safety Vulnerability 45903 Oracle Sun Solaris CVE-2010-3586 Local Security Vulnerability 45904 Oracle Solaris CVE-2010-4415 Local 'libc' Vulnerability 45905 Oracle Database Vault CVE-2010-4421 Remote Security Vulnerability

Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80. Advantech Studio Test Web Server Contains a buffer overflow vulnerability. Indusoft is a powerful interpersonal interface graphical design software (SCADA) developed by indusoft. InduSoft NTWebServer runs the test WEB service on TCP port 80. Successful exploitation of the vulnerability can be performed in the context of the service process. Code. InduSoft NTWebServer is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code in the context of the affected server. Successful attacks will compromise the server and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions. SOLUTION: Apply patch. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: InduSoft Web Studio NTWebServer Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42883 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42883/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42883 RELEASE DATE: 2011-01-13 DISCUSS ADVISORY: http://secunia.com/advisories/42883/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42883/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42883 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in InduSoft Web Studio, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is reported in version 7.0. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. Use a different web server. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Jeremy Brown. ORIGINAL ADVISORY: InduSoft: http://www.indusoft.com/blog/?p=337 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

SAP Kernel is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information. Information obtained may aid in further attacks and facilitate access to other services. The issue affects the following: SAP Kernel 6.40 7.00, 7.01, 7.10, 7.11, 7.20.

SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the management interface which listens by default on TCP port 443. While parsing requests sent to the login.php page, the process does not properly sanitize the USERNAME POST parameter. By sending a specially crafted string, a remote attacker can leverage this vulnerability to inject arbitrary SQL into the backend database on the server. Symantec Web Gateway is a Web security gateway hardware appliance. Any SQL. Exploiting this issue could allow an attacker to compromise the device, access or modify data, or exploit latent vulnerabilities in the underlying database. Symantec Web Gateway (SWG) is a set of network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more. -- Vendor Response: Symantec has issued an update to correct this vulnerability. More details can be found at: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110112_00 -- Disclosure Timeline: 2010-09-23 - Vulnerability reported to vendor 2011-01-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * RadLSneak -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Symantec Web Gateway Management Interface "USERNAME" SQL Injection SECUNIA ADVISORY ID: SA42878 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42878/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42878 RELEASE DATE: 2011-01-14 DISCUSS ADVISORY: http://secunia.com/advisories/42878/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42878/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42878 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Symantec Web Gateway, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This can further be exploited to compromise a vulnerable system. The vulnerability is reported in version 4.5. Other versions may also be affected. SOLUTION: Update to version 4.5.0.376 or later. PROVIDED AND/OR DISCOVERED BY: RadLSneak via ZDI. ORIGINAL ADVISORY: Symantec: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110112_00 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-013/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page. Successful exploits allow an attacker to crash the affected browser, resulting in a denial-of-service condition. Versions prior to Research In Motion BlackBerry Device Software 6.0.0 are vulnerable. Gents, BlackHat Washington DC has just finished, and we wanted to let you know that RIM officially released a patch for the vulnerability found by TEHTRI-Security in BlackBerry devices, and covered during our talk: "Inglourious Hackerds: Targeting Web Clients". To quote RIM web site, the BlackBerry device subsequently terminates the browser, and the browser eventually restarts and displays an error message. What was quite funny is that, with little tweaks (based on incoming User-Agent + sizes of buffers + payloads...) our 0day also worked against HTC Windows, Apple iPhone/iPod (CVE-2010-1752) and Google Android devices, with different kind of results. It's all related to a flaw in the way those devices try to handle HTML codes, based on some concepts taken from the HTTP RFC directly... To avoid the spread of annoying exploits, that would target customers of Google, RIM, Apple & HTC, we only shared some information with the vendors and during the BlackHat DC event, but our slides on BlackHat.com will also contain part of information. If you want to go further, here are some useful links: - Official RIM web page dealing with our 0Day: http://www.blackberry.com/btsc/KB24841 - BlackHat Washington DC: https://www.blackhat.com/html/bh-dc-11/bh-dc-11-schedule.html - Mitre CVE Entry http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2599 - Gartner.com Blog Entry about our talk @BHDC: http://blogs.gartner.com/john_pescatore/2011/01/20/if-a-toy-breaks-in-a-work-forest-will-the-toy-vendor-hear-a-noise-and-fix-it/ - NetworkWorld Press Article about our talk @BHDC: http://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html - TEHTRI-Security Blog: http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html We would like to thanks the security experts of RIM who came to our talk in Washington, and who took time there to share explanations with our attendees in order to show how they mitigated our findings by handling those issues with all the carriers involved worldwide (what an incredible task). On our side, we got technical fun by doing technical penetration tests on those devices, and this is how we found such 0days. We do think that basic tests are not always done properly because of consumerization, money & time issues, etc. Recently, we found 0days against IP Camera surveillance, etc, by doing penetration tests. We live in world where everything has to be clean, beautiful, quick, easy, marketable, and certified. But what about IT Security, while everything gets more and more complex... We now all get Certified non-Ethically Hackable... "Good night, and Good luck." Best regards, Laurent OUDOT, from Washington DC, USA @BlackHatDC Briefings ( http://blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Oudot ) TEHTRI-Security - "This is not a Game." http://www.tehtri-security.com/ http://twitter/tehtris . Gents, If you are a lucky BlackBerry owner, or an administrator of many BB devices, you can do a quick security check of your smartphone(s), by browsing this web page from your device (free quick check): http://tehtris.com/bbcheck For now, this will check for you if you are potentially vulnerable against those exploits: -> Nov 2007 - US-CERT Advisory VU#282856 - Exploit from Michael Kemp http://www.blackberry.com/btsc/KB12577 -> Jan 2011 - CVE-2010-2599 - Exploit found by TEHTRI-Security http://www.blackberry.com/btsc/KB24841 -> Mar 2011 - CVE-2011-1290 - Awesome Pwn2own/CSW exploit from Vincenzo Iozzo, Ralf Philipp Weinmann, and Willem Pinckaers A workaround for this latest vulnerability (CVE-2011-1290) could be to disable JavaScript, as explained on RIM resources. You should definitely read this: http://www.blackberry.com/btsc/KB26132 Have a nice day, Laurent OUDOT, CEO TEHTRI-Security -- "This is not a game" http://www.tehtri-security.com/ Follow us: @tehtris => Join us for more hacking tricks during next awesome events: - SyScan Singapore (April) -- Training: "Advanced PHP Hacking" http://www.syscan.org/index.php/sg/training - HITB Amsterdam (May) -- Training: "Hunting Web Attackers" http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=16

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670. Multiple vendors' products are prone to an IPv6-related denial-of-service vulnerability. A remote attacker can exploit this issue to make affected computers and devices unresponsive, denying service to legitimate users

Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777. WellinTech KingView 6.53 Contains a heap overflow vulnerability. WellinTech KingView 6.53 of HistorySrv service (777/tcp) Crafted Flink and Blink When processing pointers A heap overflow vulnerability exists. Attack code using this vulnerability has been released.WellinTech KingView Service disruption by a third party with access to (DoS) An attacker may be attacked or execute arbitrary code with user privileges. KingView is the configuration software in the HMI / SCADA series products produced by Beijing Yakong. This software is mainly used for process control and management monitoring of industrial automation. The software is deployed on the Windows operating system platform, and the 777 service port is opened for historical data synchronization. Because its 777 service port listening process, HistorySvr.exe, does not have adequate security controls in the process of processing data, an attacker can cause the service to crash or achieve overflow by sending a specially constructed data packet to the service port to gain operating system host management permissions. If you further guess the KingView 6.53 management system username and password installed on the host, you will directly gain control of the industrial system associated with it. KingView is prone to a heap-based buffer-overflow vulnerability because it fails to properly validate user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. KingView 6.53 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: KingView HistorySvr Service Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42851 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42851/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42851 RELEASE DATE: 2011-01-11 DISCUSS ADVISORY: http://secunia.com/advisories/42851/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42851/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42851 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in KingView, which can be exploited by malicious people to compromise a vulnerable system. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 6.53. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: Dillon Beresford OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555. Cisco IOS Run on CallManager Express There is a service disruption (DoS) There is a vulnerability that becomes a condition. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCta63555. http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsq24002. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when processing certain IRC traffic can be exploited to cause a device reload by accessing an IRC channel within 36 hours of a reload. 3) A memory leak when processing UDP SIP REGISTER packets can be exploited to exhaust memory resources via a specially crafted SIP packet. 4) An error in the PKI implementation does not clear the public key cache for the peers when the certificate map is changed. This can be exploited to reconnect and bypass the certificate ban. 5) A memory fragmentation error in the CME (Communication Manager Express) component when handling SIP TRUNK traffic can be exploited to exhaust memory resources via specially crafted SIP packets. SOLUTION: Update to Cisco IOS version 15.0(1)XA5. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336. The problem is Bug ID CSCso05336 It is a problem.By a third party IRC Service disruption via connection to server (DoS) There is a possibility of being put into a state. Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Versions prior to Cisco IOS 15.0(1)XA are vulnerable. This issue being tracked by Cisco bug ID CSCso05336. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. This vulnerability is related to \"broken magic value\". ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when processing certain IRC traffic can be exploited to cause a device reload by accessing an IRC channel within 36 hours of a reload. 2) An error in the CME (Communication Manager Express) component when handling a SNR number change menu from an extension mobility phone can be exploited to crash the device. 3) A memory leak when processing UDP SIP REGISTER packets can be exploited to exhaust memory resources via a specially crafted SIP packet. 4) An error in the PKI implementation does not clear the public key cache for the peers when the certificate map is changed. This can be exploited to reconnect and bypass the certificate ban. 5) A memory fragmentation error in the CME (Communication Manager Express) component when handling SIP TRUNK traffic can be exploited to exhaust memory resources via specially crafted SIP packets. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733. Cisco IOS There is a memory leak and service disruption (DoS) There is a vulnerability that becomes a condition. An attacker can exploit these issues to cause an affected device to crash, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtg41733. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when processing certain IRC traffic can be exploited to cause a device reload by accessing an IRC channel within 36 hours of a reload. 2) An error in the CME (Communication Manager Express) component when handling a SNR number change menu from an extension mobility phone can be exploited to crash the device. 4) An error in the PKI implementation does not clear the public key cache for the peers when the certificate map is changed. This can be exploited to reconnect and bypass the certificate ban. 5) A memory fragmentation error in the CME (Communication Manager Express) component when handling SIP TRUNK traffic can be exploited to exhaust memory resources via specially crafted SIP packets. SOLUTION: Update to Cisco IOS version 15.0(1)XA5. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031. Cisco IOS is prone to multiple denial-of-service vulnerabilities and a security-bypass vulnerability. Exploiting these issues can allow attackers to bypass certain security restrictions or to cause denial-of-service conditions. Versions prior to Cisco IOS 15.0(1)XA1 are vulnerable. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when processing certain IRC traffic can be exploited to cause a device reload by accessing an IRC channel within 36 hours of a reload. 2) An error in the CME (Communication Manager Express) component when handling a SNR number change menu from an extension mobility phone can be exploited to crash the device. 3) A memory leak when processing UDP SIP REGISTER packets can be exploited to exhaust memory resources via a specially crafted SIP packet. This can be exploited to reconnect and bypass the certificate ban. 5) A memory fragmentation error in the CME (Communication Manager Express) component when handling SIP TRUNK traffic can be exploited to exhaust memory resources via specially crafted SIP packets. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877. Cisco IOS is prone to multiple denial-of-service vulnerabilities and a security-bypass vulnerability. Exploiting these issues can allow attackers to bypass certain security restrictions or to cause denial-of-service conditions. Versions prior to Cisco IOS 15.0(1)XA1 are vulnerable. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment

CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950. The problem is Bug ID CSCtb47950 It is a problem.Long term SIP TRUNK Service disruption through the transmission of (DoS) There is a possibility of being put into a state. Cisco IOS is prone to multiple denial-of-service vulnerabilities and a security-bypass vulnerability. Exploiting these issues can allow attackers to bypass certain security restrictions or to cause denial-of-service conditions. Versions prior to Cisco IOS 15.0(1)XA1 are vulnerable. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. A remote attacker can cause a denial of service (memory consumption) by sending this communication after an excessively long delay. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when processing certain IRC traffic can be exploited to cause a device reload by accessing an IRC channel within 36 hours of a reload. 2) An error in the CME (Communication Manager Express) component when handling a SNR number change menu from an extension mobility phone can be exploited to crash the device. 3) A memory leak when processing UDP SIP REGISTER packets can be exploited to exhaust memory resources via a specially crafted SIP packet. 4) An error in the PKI implementation does not clear the public key cache for the peers when the certificate map is changed. This can be exploited to reconnect and bypass the certificate ban. 5) A memory fragmentation error in the CME (Communication Manager Express) component when handling SIP TRUNK traffic can be exploited to exhaust memory resources via specially crafted SIP packets. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552. Cisco IOS is prone to multiple denial-of-service vulnerabilities and a security-bypass vulnerability. Exploiting these issues can allow attackers to bypass certain security restrictions or to cause denial-of-service conditions. Versions prior to Cisco IOS 15.0(1)XA1 are vulnerable. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment

The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635. The problem is Bug ID CSCte53635 It is a problem.By a third party HEAD Important information may be obtained through a request. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. The vulnerabilities include multiple denial-of-service vulnerabilities, a security-bypass vulnerability, and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. Remote attackers can obtain sensitive information with HEAD requests. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco ASA 5500 Series Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42931 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42931/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42931 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42931/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42931/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42931 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco ASA (Adaptive Security Appliance) 5500 Series, which can be exploited by malicious users and malicious people to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when handling EIGRP multicast traffic can be exploited to exhaust certain system resources. 2) An error when handling TELNET connections can be exploited to bypass certain access restrictions by connecting to the lowest security level interface. Successful exploitation of this vulnerability requires valid credentials. 3) An error when handling unspecified IPSEC traffic can be exploited to cause a device to crash via a high volume of traffic. 4) An error in emWEB when handling filename requests can be exploited to crash the daemon by requesting a filename containing white space characters. 5) An error when handling packets during device startup can be exploited to bypass configured access restrictions. 6) An error when handling Online Certificate Status Protocol (OCSP) connection failures can be exploited by OCSP responders to exhaust TCP sockets by rejecting connection attempts. 7) An error in the WebVPN implementation when handling CIFS connections can be exploited to access a share via certain CIFS requests. Successful exploitation of this vulnerability requires valid credentials and CIFS file browsing to be disabled. 8) An error within SMTP inspection can be exploited to bypass the inspection via prepended space characters. 9) An error when handling LDAP connections can be exploited to exhaust memory resources via invalid authentication attempts. 10) An error within SIP inspection can be exploited to crash a device via a high volume of calls (greater than 600). 12) An error when handling unspecified multicast traffic can be exploited to crash a device. 13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be exploited to crash a device via a high volume of sessions (greater than 10000). The vulnerabilities are reported in versions prior to 8.2(4) and 8.3(2). SOLUTION: Update to versions 8.2(4) and 8.3(2). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly preserve ACL behavior after a migration, which allows remote attackers to bypass intended access restrictions via an unspecified type of network traffic that had previously been denied, aka Bug ID CSCte46460. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. The vulnerabilities include multiple denial-of-service vulnerabilities, a security-bypass vulnerability, and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. Cisco ASA 5500 series security appliances with software prior to 8.3(2) are vulnerable

Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) by making many SIP calls, aka Bug ID CSCte20030. The problem is Bug ID : CSCte20030 Problem.Many third parties SIP Denial of service via call (DoS) May be in a state. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. The vulnerabilities include multiple denial-of-service vulnerabilities, a security-bypass vulnerability, and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. Cisco ASA 5500 series security appliances with software prior to 8.3(2) are vulnerable. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco ASA 5500 Series Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42931 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42931/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42931 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42931/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42931/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42931 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco ASA (Adaptive Security Appliance) 5500 Series, which can be exploited by malicious users and malicious people to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when handling EIGRP multicast traffic can be exploited to exhaust certain system resources. 2) An error when handling TELNET connections can be exploited to bypass certain access restrictions by connecting to the lowest security level interface. Successful exploitation of this vulnerability requires valid credentials. 3) An error when handling unspecified IPSEC traffic can be exploited to cause a device to crash via a high volume of traffic. 4) An error in emWEB when handling filename requests can be exploited to crash the daemon by requesting a filename containing white space characters. 5) An error when handling packets during device startup can be exploited to bypass configured access restrictions. 6) An error when handling Online Certificate Status Protocol (OCSP) connection failures can be exploited by OCSP responders to exhaust TCP sockets by rejecting connection attempts. 7) An error in the WebVPN implementation when handling CIFS connections can be exploited to access a share via certain CIFS requests. Successful exploitation of this vulnerability requires valid credentials and CIFS file browsing to be disabled. 8) An error within SMTP inspection can be exploited to bypass the inspection via prepended space characters. 9) An error when handling LDAP connections can be exploited to exhaust memory resources via invalid authentication attempts. 11) An error in the Mobile User Security (MUS) service when handling HTTP requests from a Web Security Appliance (WSA) can be exploited to bypass authentication via a HEAD request. 12) An error when handling unspecified multicast traffic can be exploited to crash a device. 13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be exploited to crash a device via a high volume of sessions (greater than 10000). The vulnerabilities are reported in versions prior to 8.2(4) and 8.3(2). SOLUTION: Update to versions 8.2(4) and 8.3(2). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via a large number of LAN-to-LAN (aka L2L) IPsec sessions, aka Bug ID CSCth36592. The problem is Bug ID CSCth36592 It is a problem.A large amount by a third party LAN-to-LAN (L2L) IPsec Service disruption through session (DoS) There is a possibility of being put into a state. The vulnerabilities include multiple denial-of-service vulnerabilities, a security-bypass vulnerability, and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco ASA 5500 Series Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42931 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42931/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42931 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42931/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42931/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42931 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco ASA (Adaptive Security Appliance) 5500 Series, which can be exploited by malicious users and malicious people to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when handling EIGRP multicast traffic can be exploited to exhaust certain system resources. 2) An error when handling TELNET connections can be exploited to bypass certain access restrictions by connecting to the lowest security level interface. Successful exploitation of this vulnerability requires valid credentials. 3) An error when handling unspecified IPSEC traffic can be exploited to cause a device to crash via a high volume of traffic. 4) An error in emWEB when handling filename requests can be exploited to crash the daemon by requesting a filename containing white space characters. 5) An error when handling packets during device startup can be exploited to bypass configured access restrictions. 6) An error when handling Online Certificate Status Protocol (OCSP) connection failures can be exploited by OCSP responders to exhaust TCP sockets by rejecting connection attempts. 7) An error in the WebVPN implementation when handling CIFS connections can be exploited to access a share via certain CIFS requests. Successful exploitation of this vulnerability requires valid credentials and CIFS file browsing to be disabled. 8) An error within SMTP inspection can be exploited to bypass the inspection via prepended space characters. 9) An error when handling LDAP connections can be exploited to exhaust memory resources via invalid authentication attempts. 10) An error within SIP inspection can be exploited to crash a device via a high volume of calls (greater than 600). 11) An error in the Mobile User Security (MUS) service when handling HTTP requests from a Web Security Appliance (WSA) can be exploited to bypass authentication via a HEAD request. 12) An error when handling unspecified multicast traffic can be exploited to crash a device. 13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be exploited to crash a device via a high volume of sessions (greater than 10000). The vulnerabilities are reported in versions prior to 8.2(4) and 8.3(2). SOLUTION: Update to versions 8.2(4) and 8.3(2). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------