| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Jan 2017 11:34:56 -0500 From: Cisco Systems Product Security Incident Response Team <psirt@...co.com> To: bugtraq@...urityfocus.com Cc: psirt@...co.com Subject: Cisco Security Advisory: Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability Advisory ID: cisco-sa-20170125-telepresence Revision 1.0 For Public Release 2017 January 25 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence -----BEGIN PGP SIGNATURE----- iQIVAwUBWIeDdK89gD3EAJB5AQI79RAAplmPBpkFRYb4q6MDIh+/vve0iCnqG3wr 9jBWnzBazufUTII3085vH9snHmZjw2ffliVNv6DsWVXeouuxKgKHMi63dHoLmOTc wvfAGCY8Ag9ML9or0ksOgeKcSq4qgmVqZDN163CvFtG/bq2W1yNqSOeNT2ay00SA Xe0mP/lzqzgI0V7kw8Z3JmGq01sOOgTNV/RV3f5ZQOG3JpXQUuto8YfDwug3F1sl JnNloBK2DNi5c6PzopqH2nYgWmOokv2VsSZchV7dZHHuwpL4yif3BY3p6SnZm6bc ijTI2RhAfGf8NMMkGGoj/qYWn0JgzUEJ0sjPnpEmk2wo7YrdiABussvQ7HhHjaIB 3ayzYMoPI5RfMXiBgFgz5Y0YSJPj/WUNEMc2P7uzWTXq9WHEI26Mpp9Abc5w/lYC e73xzbLwpEqCMwhNtjPCXZizG7bkOUeNWQCZv7SzRPB2vFpHUOGqUlpjHN5hygfk 576+N1nFcDcck6lpYGjuEcvbHQ+uJtQgGNcxm/8HHtApG44OFrN2lfy3nRolt9ib hngttXqZjvW8Z1TAwQmohzaio46lNlLpBbHj2lsT0WeluP6YTbGW3hybHqnDDui6 Nr6hmdyGkCay9zIvPwRsisDUOltu2x3RU/cAPFvqk3//fkyrCQ5b9/6o/qh+MKZN SLjZF80kyW8= =bl4y -----END PGP SIGNATURE-----
Powered by blists - more mailing lists