lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed,  2 Nov 2016 12:03:51 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability

Advisory ID: cisco-sa-20161102-cms

Revision: 1.0

For Public Release 2016 November 2 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system.

The vulnerability exists because the software does not perform sufficient boundary checks on user-supplied data. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted IPv6 input to the vulnerable function. A successful exploit could result in an exploitable buffer underflow condition. An attacker could leverage this buffer underflow condition to incorrectly allocate memory and cause a reload of the device or execute arbitrary code with the privileges of the affected application.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCgAGBQJYGeeYAAoJEK89gD3EAJB5YUIP/19rgJYyhtMGclvuJki2GnmF
9Wr6KsfgTHZI2uxWOrd2GL8kLt3a8roEeLxY6T7d3aL4J3e5oKTf/eAETuaHsXnA
NG1RknOcOn9P0iAY8Hr5UjMfZcIU27EfnnACqclecXbNiH1NWD6WPH6r058041Ib
OXW0uTsBWNnhgFTDPuks6rCKBibbKiBYJWi6hFqqhfl7dabh7e4sqIZrR1PYZ1Jb
RjfPd5NhD2ksUAeRxuwHD4hGRLQZS5Il+DdpbJ2N7JzhpaMMv6EfevqhImPCe1FM
4C/sjBNbBSYlzwdoVSDwoPLTOS8NJWPK39WC7JB9Jv5JetnV40t0gCvy1AYnVedF
AoKnnkaDlsCN/lzW+js5YuKvOV1hRe+r/631TV3VWuC7SHDJCoF4tD8s/ZBugE6k
8xkN23AlsCtgP/5GNUSH4wBOXaidRTPKK5YjT0hsIqV29TYjx5Sn3BKsjIrVqB6O
sJDPcxe1p/IbNL0ZRiTnsiPcrZM5uvFigyzSWixT87rfFQV4cawN6VRmjZNxZgCA
NEsqCJbXRANreYD840FWleLaw8VCChU2qms3lz4k8GrLuBzZg1o+2IXd923YtCOZ
qKp5szHDoPhrxLMZRL7aC9rajPv7uqQQrNOO1FMC8RRu13uriQl2oOzx7WkhZTnG
16o5lSdBYGKg9HouNE3i
=m8l2
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ