Tech Talk

[here]

FYI...

- http://isc.sans.org/diary.html?storyid=3722
Last Updated: 2007-12-05 19:18:03 UTC - "Cisco has just released an advisory* covering a buffer overflow vulnerability in the Cisco Security Agent (CSA) for Windows, with remote code execution as the possible outcome.  CSA is a "personal firewall" style product, and usually deployed as a defense against exactly the sort of threat that the component itself is now vulnerable to. Back in 2004, such a vulnerability would probably have led to a flurry of noisy network worms - today, drive-by installs of spyware are more likely, but at least as damaging. The bottom line is still the same: If you are using the vulnerable component, patch as soon as possible."
* http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml

 

[here]

FYI...

"Cisco has released two updates to their products to address low to medium severity risks."
- http://atlas.arbor.net/briefs/index#-569328674
January 23, 2008

Title: Cisco PIX and ASA Time-to-Live Vulnerability
Severity: Elevated Severity ( http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0028 )
> http://www.cisco.com/en/US/products/products_security_advisory09186a008093942e.shtml

Title: Cisco Default Passwords in the Application Velocity System
Severity: Normal Severity ( http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0029 )
> http://www.cisco.com/en/US/products/products_security_advisory09186a0080939431.shtml

- http://isc.sans.org/diary.html?storyid=3878
Last Updated: 2008-01-24 01:17:54 UTC

- http://www.us-cert.gov/current/#cisco_releases_security_advisories_to3
January 23, 2008

 

[Cisco security advisory overview]

FYI...

Cisco security advisory overview
- http://isc.sans.org/diary.html?storyid=4199
Last Updated: 2008-03-27 09:06:42 UTC (ISC analysis/overview) - "Cisco released today its quarterly lump of security advisories*. A quick overview might help in prioritizing your actions...
* http://www.cisco.com/warp/public/707/cisco-sa-20080326-bundle.shtml

- http://secunia.com/advisories/29507/
Release Date: 2008-03-27
Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information, DoS
Where: From remote
Solution Status: Vendor Patch...

- http://secunia.com/advisories/29559/
Release Date: 2008-03-27
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch...

 

[Cisco IOS]

FYI...

- http://www.us-cert.gov/current/#cisco_releases_security_advisories2
May 22, 2008 - "Cisco has released three security advisories to address multiple vulnerabilities in Cisco IOS Secure Shell, Service Control Engine, and Voice Portal. These vulnerabilities may allow an attacker to take control of the affected system or cause a denial-of-service condition. US-CERT encourages users to review the following Cisco Security Advisories and apply any necessary updates or workarounds.

* Cisco IOS Secure Shell Denial of Service Vulnerabilities
- http://www.cisco.com/en/US/products/products_security_advisory09186a008099567f.shtml
* Cisco Service Control Engine Denial of Service Vulnerabilities
- http://www.cisco.com/en/US/products/products_security_advisory09186a008099bf65.shtml
* Cisco Voice Portal Privilege Escalation Vulnerability
- http://www.cisco.com/en/US/products/products_security_advisory09186a008099beae.shtml

 

[here]

FYI...

- http://isc.sans.org/diary.html?storyid=4523
Last Updated: 2008-06-04 20:04:45 UTC - "Cisco has released details* on 5 vulnerabilities with their PIX and ASA product lines.  In short, the quick bullet list of vulnerabilities is:
- Crafted TCP ACK Packet Vulnerability (Denial of Service)
- Crafted TLS Packet Vulnerability (Denial of Service)
- Instant Messenger Inspection Vulnerability (Denial of Service)
- Vulnerability Scan Denial of Service (Denial of Service)
- Control-plane Access Control List Vulnerability (Bypass ACL)
Updates are available to fix all of the above and there are no workarounds for the final four of these.  In short, update your devices. Good news is that these were internal finds and it doesn't appear there is exploitation or "public" knowledge of the vulnerability details to create exploits."
* http://www.cisco.com/warp/public/707/cisco-sa-20080604-asa.shtml

Software Versions and Fixes
- http://www.cisco.com/warp/public/707/cisco-sa-20080604-asa.shtml#software

 

[SNMP v3 authentication vuln]

FYI...

SNMP v3 authentication vuln
- http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml#summary
2008 June 10 - "...Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default in Cisco products. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available.."

 

[Cisco IPS vuln - update available]

FYI...

Cisco IPS vuln - update available
- http://isc.sans.org/diary.html?storyid=4591
Last Updated: 2008-06-18 17:57:48 UTC - "Cisco Intrusion Prevention System (IPS) platforms that have gigabit network interfaces installed and are deployed in inline mode contain a denial of service vulnerability in the handling of jumbo Ethernet frames... Cisco has released free software updates that address this vulnerability. There is a workaround for this vulnerability. This advisory is posted here*."
* http://www.cisco.com/warp/public/707/cisco-sa-20080618-ips.shtml#summary
2008 June 18 - "...vulnerability may lead to a kernel panic that requires a power cycle to recover platform operation... Cisco IPS versions are affected:
    * Cisco Intrusion Prevention System version 5.x prior to 5.1(8)E2
    * Cisco Intrusion Prevention System version 6.x prior to 6.0(5)E2 ..."

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2060

 

[Multiple Cisco Products DoS vuln]

FYI...

Multiple Cisco Products DoS vuln
- http://atlas.arbor.net/briefs/index#-673272965
Severity: Elevated Severity - July 02, 2008 - "Multiple vulnerabilities in Cisco products have been found, which can be exploited to crash the application or cause a DoS because of a vulnerability in a third party cryptographic library. Fixes are available. No known exploits are available.
Analysis: The issue occurs when parsing a crafted Abstract Syntax Notation One (ASN.1) object. In certain cases, an attacker can trigger this vulnerability without a valid certificate or authentication. The vulnerable products are Cisco IOS, Cisco IOS XR, Cisco PIX and ASA Security Appliances, Cisco Firewall Service Module (FWSM) and Cisco Unified CallManager.
Source: Vulnerability In Crypto Library:
- http://www.cisco.com/en/US/products/products_security_advisory09186a00809bb300.shtml

 

[DNS Cache Poisoning Attacks]

FYI...

Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
- http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml#details
2008 July 08 - "...The following Cisco products that offer DNS server functionality have been found to be susceptible to DNS cache poisoning attacks:
    * Cisco IOS Software: The vulnerability documented in Cisco bug ID CSCso81854 (registered customers only) .
    * Cisco Network Registrar: The vulnerability documented in Cisco bug ID CSCsq01298 (registered customers only) .
    * Cisco Application and Content Networking System (ACNS): The vulnerability documented in Cisco bug ID CSCsq21930 (registered customers only) .
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2008-1447..."

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447

//

[Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks]

FYI...

Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
- http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml#summary
Updated 2008 July 29 - "Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches. To exploit this vulnerability an attacker must be able to cause a vulnerable DNS server to perform recursive DNS queries. Therefore, DNS servers that are only authoritative, or servers where recursion is not allowed, are not affected. Cisco has released free software updates* that address these vulnerabilities..."
* http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml#software

 

[WebEx Meeting Mgr]

FYI...

WebEx Meeting Mgr...
- http://www.cisco.com/warp/public/707/cisco-sa-20080814-webex.shtml
Last Updated 2008 August 15 - "...A buffer overflow vulnerability exists in an ActiveX control used by the WebEx Meeting Manager. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the user client machine...
The WebEx Meeting Manager downloads several components to meeting participants before they join a WebEx meeting. The vulnerability in this Security Advisory affects the atucfobj.dll library...

- http://www.kb.cert.org/vuls/id/661827
08/15/2008 - "...Solution: The Cisco Security Advisory indicates that WebEx meeting participants will automatically receive a fixed version of atucfobj.dll when they join a meeting on a server with fixed software. Version 26.49.9.2838 is the first fixed version for WBS 26 users..."

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3558
Last revised: 8/11/2008

 

[Drive-By Exploit]

FYI...

Cisco WebEx Meeting Manager Drive-By Exploit
- https://forums.symantec.com/syment/blog/article?message.uid=345462
08-22-2008 07:08 PM - "On August 20, our honeypots began to receive attacks against the Cisco WebEx Meeting Manager vulnerability. This August 6 vulnerability exists in the ActiveX control used by WebEx to permit users to participate in meetings via Internet Explorer. Users running the vulnerable version of the Webex control who happened upon a Web site distributing the exploit would become infected. The first exploits that we have seen so far have been served via gaming sites that have had the exploit package injected on to them. While WebEx will automatically patch each user when they join a meeting hosted on a patched server, this vulnerability is only two weeks old. Many vulnerable users may have been on holidays, making it reasonably likely that some users will become infected by visiting day-to-day Web sites before their next WebEx meeting..."

 

[Cisco ASA and PIX multiple vulns]

FYI...

Cisco ASA and PIX multiple vulns
- http://secunia.com/advisories/31730/
Release Date: 2008-09-04
Critical: Moderately critical
Impact: Exposure of sensitive information, DoS
Where: From remote
Solution Status: Vendor Patch
OS: Cisco Adaptive Security Appliance (ASA) 7.x, Cisco Adaptive Security Appliance (ASA) 8.x, Cisco PIX 7.x, Cisco PIX 8.x
...The vulnerability is reported in Cisco ASA devices running software versions 8.0 or 8.1 with clientless VPNs enabled. Cisco ASA devices that run software versions 7.0, 7.1, or 7.2 are not affected.
Solution: Update to fixed versions (please see the vendor's advisory for details)...
Original Advisory: Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2732
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2733
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2734
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2735
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2736

//

Cisco Secure ACS EAP DoS
- http://secunia.com/advisories/31731/
Release Date: 2008-09-04
Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch
OS: Cisco Secure ACS Solution Engine 3.x, Cisco Secure ACS Solution Engine 4.x ...
Solution: Apply patches. Please see the vendor advisory for details...
Original Advisory: Cisco:
http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2441

 

[Cisco - multiple alerts]

FYI...

Cisco - multiple alerts
- http://www.us-cert.gov/current/#cisco_releases_security_alerts
September 24, 2008 - "Cisco has released multiple security alerts to address vulnerabilities in the Unified Communications Manager and IOS. These vulnerabilities may allow a remote unauthenticated attacker to cause a denial-of-service condition, obtain sensitive information, or operate with escalated privileges..."

Direct links available here:
- http://www.cisco.com/en/US/products/products_security_advisories_listing.html
(See those dtd. 24-Sept-2008)

Cisco IOS multiple vulnerabilities
- http://secunia.com/advisories/31990/
Release Date: 2008-09-25
Critical: Moderately critical

ISC analysis
- http://isc.sans.org/diary.html?storyid=5078
Last Updated: 2008-09-26 03:16:41 UTC

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2739
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3798
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3800
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3801
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3802
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3803
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3804
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3805
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3806
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3807
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3808
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3809
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3810
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3811
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3812
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3813

 

[Cisco Releases Security Advisory for IronPort Encryption Appliance and IronPort PXE Encryption product]

FYI...

Cisco Releases Security Advisory for IronPort Encryption Appliance and IronPort PXE Encryption product
- http://www.us-cert.gov/current/#cisco_releases_security_advisory_for5
January 15, 2009 - "Cisco has released a Security Advisory* to address multiple vulnerabilities in the IronPort Encryption Appliance and the IronPort PXE Encryption product. These vulnerabilities may allow an unauthorized attacker to view the contents of secure email messages or gain access to the IronPort Encryption Appliance administration interface..."
* http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml#details

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0053
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0054
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0055
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0056