| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Feb 2015 17:04:03 +0100 From: Cisco Systems Product Security Incident Response Team <psirt@...co.com> To: bugtraq@...urityfocus.com Cc: psirt@...co.com Subject: Cisco Security Advisory: Cisco Secure Access Control System SQL Injection Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Secure Access Control System SQL Injection Vulnerability Advisory ID: cisco-sa-20150211-csacs http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs Revision 1.0 For Public Release 2015 February 11 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Cisco Secure Access Control System (ACS) prior to version 5.5 patch 7 is vulnerable to a SQL injection attack in the ACS View reporting interface pages. A successful attack could allow an authenticated, remote attacker to access and modify information such as RADIUS accounting records stored in one of the ACS View databases or to access information in the underlying file system. Cisco has released free software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS) iQIVAwUBVNtpuopI1I6i1Mx3AQJ6/A/+JIKuQxiLmALGpAfX04MpmVAEQy5lntFb 4zNxT0JxqOXzXjYaGBC+8e/Ld0SXUi4sCuewQEXHTeEBSEQfyyGjk9tnjmSaMy6z Qp7lAB/6qZEFHnVLbwhCoAAQiYheIk18jt7fdZM6jJ4sW8mjUx6LmIcPgdURDyQT bZ8lTvmQNF6c/lBtIdbhxfMjOJYz1i5L5bjM0NrO0HH80jfgD7hYeNO0olROwo9D ICDRz5w07UQ949/YRLG901UAIOs0Cyodnwy44ERJ3iH0bglvFIdeGyFlfzs0wnpT /3XiAOJPnun9Uc6HZBbpgb1Y9ojITaxaT+OzOqi0CWG8rRqKyh1i+pO6ucmq3feE h85uBW2T0cRemgf8zMNI+fH1lLgnhCZ32gxVsOnzreSET11kcecAFkAVWmYwo4sL PornqaV3tRJDXpAsBVceMfGIhPz8GvFii8ZqaGaF+tCl7KuRtiXYeCOdVWHZMPie vtfYgB2il/KpB6fy9tGpQ3YmBl3n+T3oOawdIAdMuxhHYm9owZIfk7K9VC2xCbY8 96xhmJFsOZErdP1vlc4HHgUeJGWhzNvdBiPUF+V1JcdqGldA7/92SmXigbDh8Lr/ spMQBnLhuyqV7ghL6zx5HLhlwOH2Ub3dS26Fxm2GeUa1fcAIgd4ME58hSt+T3J2l pJXLh5SWb0w= =KXWL -----END PGP SIGNATURE-----
Powered by blists - more mailing lists