lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-id: <201511041107.6.privmse@psirt.cisco.com>
Date: Wed,  4 Nov 2015 11:07:40 -0500
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Mobility Services Engine Privilege Escalation Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Mobility Services Engine Privilege Escalation Vulnerability

Advisory ID: cisco-sa-20151104-privmse

Revision 1.0

For Public Release 2015 November 4 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the installation procedure of the Cisco Mobility Services 
Engine (MSE) appliance could allow an authenticated, local attacker to escalate
to the root level.

The vulnerability is due to incorrect installation and permissions settings on 
binary files during the MSE physical or virtual appliance install procedure. 
An attacker could exploit this vulnerability by logging into the device and 
escalating their privileges. A successful exploit could allow the attacker to 
acquire root-level privileges and take full control of the device.

Cisco has released software updates that address this vulnerability. There are 
no workarounds that mitigate this vulnerability. 

This advisory is available at the following link: 

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-privmse

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVjU+z4pI1I6i1Mx3AQLKVQ/+NHVg7BVSp9DqjQq6vnGkIaXMMbYmhPSY
TGhJPy4EWX/8qYvb3Y6Ag+mKs3+xZsxT1zS7HpTtbQ5uRlz4MJp11LB7Nh1KFQ9k
nMNlmPj9ulTYbfCAb3aaEAkHZXgt9vQBT47lzvW1/ytRsfXft+jiOL7+PS77UND1
clJ4Uc7WLupqzPz34hHGkhSlj/HL1/Kc6ojWvVAFNSVA1Qlefnuo3wX/dRD6cTSV
oJwTOVZoMCuOBdVZls1cNAABy54uOVzuOOzYoZ1bPKk3wZgMjQb8dfK7ue31ROp8
IGgdN1DLS0yNy/wF3RyW9rCDr/F/zeit+XzEzuVLRTqf/g1vqVODo5F5IT8Io92t
rdVN/ffgdHEJkLLtBHTSSOc9KzBadibJwf425ZKiYffOewQCQ9ErdBPvUgRO9vhY
3IZEK+OhmbW3t4BdOot2ofNXJex4KM1pICICEtLYY2vdigaYkcIM6NrIiSaxsrBk
ntR2ZSx/87qjqfCqiimMAqmFTnPwl8MxbY9cd7rJIx39dky6QTtPZGzNb0dpvie0
jbFQDO+HA61MLs/S2GHGjjwICXwJ6nox8bv6sFC3GI2y1RqXYCX+faMYCWauG/DZ
zQZVj7v1dvOykvHqIj/eyyUzCeps2ERZEJ+OPg6i6DWjIC52cM7xlqcmXj5Jp1ql
UzWQnbxVuWg=
=sDqr
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ