lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <201506251213.6.ironport@psirt.cisco.com>
Date: Thu, 25 Jun 2015 12:13:56 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA

Advisory ID: cisco-sa-20150625-ironport

Revision 1.0

For Public Release 2015 June 25 16:00  UTC (GMT)

+-----------------------------------------------------------------------

Summary
=======

Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security Management Virtual Appliance (SMAv) are affected by the following vulnerabilities:

    Cisco Virtual WSA, ESA, and SMA Default Authorized SSH Key Vulnerability
    Cisco Virtual WSA, ESA, and SMA Default SSH Host Keys Vulnerability


Cisco has released free software updates that address these vulnerabilities. There are no workarounds for these vulnerabilities.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVYwnmopI1I6i1Mx3AQI8DA//UJpwngo+3TKUbizNCHSpjP5+lZxyiekt
KSS/5AiI3xjJ1Jwm/x7ag2bmnvJToY/5kMi9MEYX5iuS/QdtThW3i34P80miK8aS
8O4/LM1rcHCnKvYtIfvsJz8fieMMys/3s7upAi4QuDszwvB8tVOsJBgDjtUbIf54
UzfoAtyK8aF95xtNyng3eeVP+8w+SHsUMuUGOfDIT6S4tmjlCLTe9/vpAlfJWUvI
bUVY26nVXgcH/fOYTYabjuiPj/1Ox5Hc/UPgu/P1Zeccrn3t/+x3PeB3YQe8qc6m
kVdrtJQu6PxjKHdRDTeH1agAvm4E438JDCbuQObj6lf+mQjpDpWvBuJaUNPh05Dx
0cWX4Y1UhzCZwsITI/BnGLUZ898Ho6MxcD2jl+f2/UYvSeZRH0UptwlwqOpU9HvL
Za3I1Jy662426A/IX/rgvoQQDATbNQ8hOh7GsVeVPE7IZhCtUtelauKm3gfyHYPR
HdALNZxUaiueavYGEO8873JB4FDY/hS/e8/nkk/9yfW1hLvxZ7HpPvA/5nQf7Nha
KkB8JBffO3A173LS3ko9NBAIpx4el8zzhye4xoWU7r+wcTWwt1NcccTX7PEQ+fG0
ynSrBZuMWuNeKazmOZe0zIWfrWhaWtcqB609+4YvVP4gyiphW50p1janw5CkW1NF
rAKcc/vfKO4=
=Gmcx
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ