lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-id: <201604061207.6.cts@psirt.cisco.com>
Date: Wed,  6 Apr 2016 12:07:14 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability

Advisory ID:  cisco-sa-20160406-cts

Revision 1.0

For Public Release 2016 April 6 16:00 UTC (GMT)

+---------------------------------------------------------------------------------------

Summary
=======

A vulnerability in Cisco TelePresence Server devices running software versions 3.0 
through 4.2(4.18) could allow an unauthenticated, remote attacker to cause a kernel 
panic on the device.

The vulnerability exists due to a failure to properly handle a specially crafted stream 
of IPv6 packets. A successful exploit could allow an attacker to cause a kernel panic, 
rebooting the device.

Cisco has released software updates that address this vulnerability. Workarounds that 
mitigate this vulnerability are available.

This advisory is available at the following link: 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCgAGBQJXBSERAAoJEK89gD3EAJB5644P/An6qNBuF8NJbf3YmheKoOnZ
qdWYOg89Cy/lvHXTiGshZvcahV+T4pwLKVsn40hl3H1Gfp8sOr9b2KIR8MC11jas
tSZ2BZUTALhUGJ7l/3DDY2pPajpRkvMlo6BTOKhewpcKxSb5KtXn0QKsQXO/0ipz
a0XlrwSZAMsyWQ9/KE3TR9LoQGZ0yPEBUJFZCP5WsMosiFGQGMp7WVO7y6G0L9J/
9LM9qZHpbi8m01wIrRigJMj7kX/6eFOdFveAUHwBcrThknd7WiaWiK0EdzvYr3bN
FbrMub1GFIZp04SaW34r+qK/Rm9P1Bku/+T38nxvAESraKG9Dumj47h3krU476UQ
oSxLvacQNnaNBs9kuBFckYLYV7RneQ1u+oZq0LAZaZ6+tWdmC0Y6abrsJk3dupnl
k2bX/F3UH8B5h6L9PJROcofuRtmmhOWRklK/kShlheZt/Vf8Wig/yHawRC5on1Iw
QvKOWY7510U2pj4OhG2YyZgX1dmJ0neDTul6hJ39uSOBUBm7LYYy8efvqRB3S1te
QaodRiaQU8CdbVRDTt5N+5qFoKQ70Ii+2HHX3h+WkMl6oVEpZ32rmn5QvbZ8pS5Y
Flnli00aDIVDrxXInqiMLAig4yKKxT12uMH8lX9Ta3tyXSD3PG9QwYXbue1exwwo
uwizbTaFsnwb9H5vyNUG
=9XH/
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ