Date: Wed, 11 Mar 2015 16:02:27 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Secure Access Control System SQL Injection Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Secure Access Control System SQL Injection Vulnerability

Advisory ID: cisco-sa-20150211-csacs

Revision 2.0

For Public Release 2015 February 11 16:00  UTC (GMT)
Last Updated  2015 March 11 19:34  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Secure Access Control System (ACS) prior to version 5.5 patch 8 is vulnerable to a SQL injection
attack in the ACS View reporting interface pages. A successful attack could allow an authenticated, 
remote attacker to access and modify information such as RADIUS accounting records stored in one of 
the ACS View databases or to access information in the underlying file system. A previous version of 
this advisory indicated that a product running version 5.5 patch 7 was not vulnerable; however, 
customers running version 5.5 patch 7 should upgrade to patch 8 to completely mitigate the 
vulnerability described in this advisory.

Cisco has released free software updates that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs
