lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <201407161247.6.@psirt.cisco.com>
Date: Wed, 16 Jul 2014 12:47:52 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Wireless Residential Gateway Remote Code Execution Vulnerability 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Wireless Residential Gateway Remote Code Execution Vulnerability

Advisory ID: ciscosa-20140716-cm


Revision 1.0

For Public Release 2014 July 16 16:00  UTC (GMT)

Summary

A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution.

The vulnerability is due to incorrect input validation for HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. 

Cisco has released free software updates that address this vulnerability. 
Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTxquLAAoJEIpI1I6i1Mx3NsAQAMEQrCJ4WGFgJDM4zxqJgPB4
7uKI6BBpT2epClN6bMMx9Udf0EUDG0mOFJqH/rpMur9JqHuG8QJqXoHlMxYkM18T
7mRmlAH9ZWoJ0QZXtytOQRIXaPhPOG0SRoldMpRQJdJdWCuSWvpxd0vJbOZJWjYZ
imiA9z3sHuS5BkXecV1DOq5qzN711BY6j4yRrpxPotIRhqYE0oOgu6NfrKy9M1gp
dfI4R0/+hGzr8in+y3A5w3fFRfB8esT1LJ7hhhe6EPs8F7TjE7QClKt+A3uvhA1w
epQRsOogtkn4bRObfF5qZBFOqvyrnEwDfsv6qBzQO9OKEmsTNhPsBHfQ6HbEbEy7
49eAW8ZQY5l0nU+72FVmS7MwEAl3SReLaT1S7PSXaeysoMfns7KXqlgKuFkBUeNn
oujIPt6LUSuMElFGLhFqnBw0kt4viyMgoFx/3pbRi+dU6SsBlECz347kH9GTx46v
THhlYZuOnoCbotTXiNQGMuE031SstE+Oh6cK86/fWyvJvSZIjk7DssP8m2FiP9qe
TJNokIPWMWKooO823W4IKT4ASnY+SQMf0EOgxH4GmqjoCYNdCscjQSqsUiKrBUzp
8BYvKCKueuDNw35iLNXfFiiFKOBUhYN7znFKlgGN6GnnXBcZuOr4NntbKOlAHVIm
wkYouXj/TdqIfPDndRfJ
=NUhW
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ