| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 Nov 2015 11:09:14 -0500 From: Cisco Systems Product Security Incident Response Team <psirt@...co.com> To: bugtraq@...urityfocus.com Cc: psirt@...co.com Subject: Cisco Security Advisory: Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability Advisory ID: cisco-sa-20151104-wsa Revision 1.0 For Public Release 2015 November 4 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in the certificate generation process in the admin web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system with root-level privileges. The vulnerability is due to the improper validation of parameters passed to the affected system scripts. An attacker could exploit this vulnerability by passing arbitrary commands as arguments to the affected fields of the web interface. An exploit could allow the attacker to run arbitrary commands on the underlying system with root-level privileges. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWOibcAAoJEIpI1I6i1Mx3ANEQAJ+ba8TyxsQ3Krkk3LQG5cEv HcM6gkBD5ZIN/mN114oCxEj09ja8I1uVQeEZ48QpJwsd2lK+6kShhk9dEf1pU+AF O6jQSB5K70pBu0OQiR+cjx6UL4n8rjXFg43A+x96LVf3urnsE2yLO6rwelo5RedZ /9buyqZ0tSlNlShjswtJGWDJb7fXnY8wKYdwdKrc3b/tcmpU9Ae/kCrH5p5lhmE5 QuS2lBDkp5kKR06TWO0dKjoSYXspS/HU8y/ol6Pebb6UdogYeMZCLC5JsbSKzQ3i mwBjLjt6ZA31Q+ML3FTkyv2KgNfFMi3t7tYCu+QPuFKJ2zd29Cbh7FLP+BdYg18P u3g5AdEZWLjBa1Crlo3NhTvH2qS4ZJ8wTMlLg3gk0W0eUnP/PRYFIOmUyP2gv4aU nrigoC/I67jZMnpLcZ1NPHAePdOPzK3YWxbAmCG/2tW2kJfRGAXnRPK/BqhhagVv 2RirzYFK5aYo7nVzXHiSqThtHuSpDnJZeYsVJwRYgHnhCsTwQYxCrLtEU/kF/btg F95Rm2Se3s+R39LK8G8msT4uJq8B1CCe+rnldgV8DR4S+49mZoI59uw240VIed+W JwLwmSPR0njrI+e+DboUaOOyrwrCjzYPe4EVMpTLmkVK6JgEXno/8q0zmwjnHRKv 0MgACGiN3EjEK/Mnq/aH =zUS3 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists