lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070315174131.25921.qmail@securityfocus.com>
Date: 15 Mar 2007 17:41:31 -0000
From: cassio@...l.com
To: bugtraq@...urityfocus.com
Subject: XSS vulnerability in the online help system of several Cisco products

What: cross-site scripting (XSS) vulnerability in the online help system distributed with several Cisco products
Release Date: 03-15-2007
Application: 14 different applications verified by Cisco up to now. For a complete list of affected products see http://www.cisco.com/warp/public/707/cisco-sr-20070315-xss.shtml
Vendor status: Replicated and verified by Cisco Systems, patch available.


Overview: 

	There exists a cross site scripting in Cisco VPN client in the search engine of the HTML help file. The result is that when a specially crafted search is performed, arbitrary code running with current logged user privilege can be executed on the host in question.


Details: 

	Cisco online help provides an HTML based search feature. During my investigation it was discovered that a specially crafted query can lead to script execution despite of attempts to cleanse user input by eliminating special characters such as “<>;:” from the begging and end of the search string as observed on the HTML code.

	The result is script code execution in the local user context in the host. Preliminary tests concluded the system is vulnerable with most popular web browsers such as Microsoft Internet Explorer 7.0 and Mozilla Firefox 2.0 fully patched.

	User intervention (e.g. clicking on a malicious link) is necessary to trigger the exploit.

Vendor Response:

	The above vulnerability was addressed by Cisco Systems and a patch is available. For details see http://www.cisco.com/warp/public/707/cisco-sr-20070315-xss.shtml 

Recommendation:

	Apply the patch supplied by Cisco Systems to your organization’s software maintenance test and deployment procedures.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ