| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Aug 2016 12:04:43 -0400 From: Cisco Systems Product Security Incident Response Team <psirt@...co.com> To: bugtraq@...urityfocus.com Cc: psirt@...co.com Subject: Cisco Security Advisory:Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability Advisory ID: cisco-sa-20160817-apic Revision 1.0 Published: 2016 August 17 16:00 GMT +--------------------------------------------------------------------- Summary ======= A vulnerability in the Grapevine update process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient input sanitization during the Grapevine update process. An attacker could exploit this vulnerability by authenticating to the affected system with administrative privileges and inserting arbitrary commands into an upgrade parameter. An exploit could allow the attacker to execute arbitrary commands on the affected system with root-level privileges. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXtHUBAAoJEK89gD3EAJB5R/gQAJNpnrqzsRS2HQzw6wq/e3wk 9AQHGBahR/l9C9tN5h+lsGVNOQ+o4KQLZpGe9qi6GDyy9WwHfCa95DgQ5fIfrLlk OUzgEpCnJ87PdLY6kBxK/y6doSY7Nwa8ilyegbTnFCurqYUOB6pYSR8+cabq4V5h GSdLBaBQlpJ0w/Ic7Q1fkOk64AgZvs4p6swuyOgvr9+NDBM3cRcaY64xWhSuM6EM Sxh0aqYiG0dvrn1ulWFLh39mL0DWWo1krxbWv1Kag5F2Jtfnhnrur4Vt8ROF8uYj igwrRd0k1cEbKJplzRpEIUMro4j0I1c0SbVtcs6+frovplcXB1mmt8bEPjwrlbZ/ gfLWSArj9E77SDYFSgWcEknNFoyOWZ/tmMJuRuK/JV8072SpLe1nSI3/ZX4qLT2+ reixn7kI91MWLRdOcUf2x4uj8P1cOTipItTw9WUNyIowTN3L5LDARUnCGG7J+/mc vzp4LKHG2nDeG1iA7bZx7wLuehkeRs4WPKtlAs4F7jNm1WRJNyQ+GP9Ik6dfcDbK 1Z8fLTlNzbE3GH4hBbWliZq2/dVUkwPPPI0t1aVhdkKKjqwrASlaWR/XVaf5uEuv rR4VYUXa0cRKi4wcVFLqyLoEnVD0pJGBGB87XGXhQ2lFlBJ9u9Gv57+nCCqP1egJ aBvnymLDgKAGUDyPrULa =S8Uw -----END PGP SIGNATURE-----
Powered by blists - more mailing lists