lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 30 Sep 2015 17:49:31 +0200
From: "Securify B.V." <lists@...urify.nl>
To: fulldisclosure@...lists.org
Subject: Re: [FD] Cisco AnyConnect elevation of privileges via DLL side
	loading

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
Cisco customers with active contracts can obtain updates through the
Software Center at https://software.cisco.com/download/navigator.html.

Cisco has released bug ID CSCuv01279 [5] for registered users, which
contains additional details and an up-to-date list of affected product
versions.


On 22-09-15 18:18, Securify B.V. wrote:
> ------------------------------------------------------------------------
> Cisco AnyConnect elevation of privileges via DLL side loading
> ------------------------------------------------------------------------
> Yorick Koster, June 2015
>
> ------------------------------------------------------------------------
> Abstract
> ------------------------------------------------------------------------
> Cisco AnyConnect Secure Mobility Client for Windows is affected by an
> vulnerability that allows local attackers to execute arbitrary DLL files
> with elevated privilege. By exploiting this vulnerability is is possible
> for the attacker to gain SYSTEM privileges.
>
> ------------------------------------------------------------------------
> See also
> ------------------------------------------------------------------------
> - CVE-2015-6305
> - http://tools.cisco.com/security/center/viewAlert.x?alertId=41136
> - https://code.google.com/p/google-security-research/issues/detail?id=460
>
> ------------------------------------------------------------------------
> Test version
> ------------------------------------------------------------------------
> This issue was successfully verified on Cisco AnyConnect Secure Mobility
> Client for Windows version 3.1.08009.
>
> ------------------------------------------------------------------------
> Fix
> ------------------------------------------------------------------------
> There is currently no fix available. Updates are expected to be released
> on September 30, 2015.
>
> Cisco has released bug ID CSCuv01279 for registered users, which
> contains additional details and an up-to-date list of affected product
> versions.
>
> ------------------------------------------------------------------------
> Details
> ------------------------------------------------------------------------
> https://www.securify.nl/advisory/SFY20150601/cisco_anyconnect_elevation_of_privileges_via_dll_side_loading.html 
>

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ