lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-id: <201404301204.6.tcte@psirt.cisco.com>
Date: Wed, 30 Apr 2014 12:04:53 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Cisco TelePresence TC and TE Software

Advisory ID: cisco-sa-20140430-tcte

Revision 1.0

For Public Release 2014 April 30 16:00  UTC (GMT)

Summary
=======

Cisco TelePresence TC and TE Software are affected by the following vulnerabilities:
	Six Session Initiation Protocol (SIP) denial of service vulnerabilities
	Cisco TelePresence TC and TE Software DNS Buffer Overflow Vulnerability
	Cisco TelePresence TC and TE Software Input Validation Vulnerability
	Cisco TelePresence TC and TE Software tshell Command Injection Vulnerability
	Cisco TelePresence TC and TE Software Heap Overflow Vulnerability
	Cisco TelePresence TC and TE Software U-Boot Buffer Overflow Vulnerability
	Cisco TelePresence TC and TE Software Unauthenticated Serial Port Access Vulnerability
	Cisco TelePresence TC H.225 Denial of Service Vulnerability

Successful exploitation of these vulnerabilities could allow an attacker to cause the affected system to reload, execute arbitrary commands or obtain privileged access to the affected system.

Note: This security advisory does not provide information about the OpenSSL TLS Heartbeat Read Overrun Vulnerability identified by CVE-2014-0160  (also known as Heartbleed).  For additional information on Cisco products affected by the Heartbleed vulnerability, refer to the Cisco Security Advisory available at the following link:  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed


Cisco has released free software updates that address these vulnerabilities.
There are no workarounds that mitigate these vulnerabilities.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTYR4LAAoJEIpI1I6i1Mx3TJYQAKPF2T8b5PUVB6SfesgPMAjc
V/YIgeSzoMNsEZvZgoM2Qvjdx03j4PvHj+ecQgqxEzYoHGXwKxhT64kOl9atmQac
Xxms2GRkoDtrBZYBo1mbNSgbAR/eCe7iFsBrz23ciJax38VO4bxmuhtRMzZJcu/w
6mGXcbNqiEY+v42FkX7PeeWSCeepu0SDxF68QHsEOh3YGhI1BZ2nTBhNedlSdRJu
UKwMxbnj/qpX9NUwkYluKFmgQjZ3ZuImnZT2HjlWunksFPo2BCKSLDX5lufiLjog
5hR+vWPMsA/napuJ9tPZUpyikTXwm2iej8hPqWAERzF2WHbXsWjS7HvOFU0A9hX6
9n8ey0B9rxZzM7+8B10bqveF3FaAfY6Ilc3t2aRxH52IZdj1mN7CeGkbyMXQvuae
JPH+7F8xIbDoQvalmGFtTqgDmjZyxW+UXALfqcjmePJdvYGKIvr8MuG2s/fP8sYa
IDMRRKVxE1gCjER8Hjp7CVOUsNsPB+fnDZFB84sKcAeKSRhDjNjodAwhXfBBwQrv
iK0t6AHtiIabsQw+OyOvQWeaZPx1ltjJkD+iLl7CGlZrde8vop26RScCp2IQRUsp
sUIdYFaUnf8xkZVgjljoNOZBBBH4Frb0N2kiW/9EmS/A/azOupJEguI7WaEoYdDU
VDEhLhJG9uTVJAdPsEEy
=e0Do
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ