Date: Wed,  6 Apr 2016 12:07:53 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability


Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability

Advisory ID:  cisco-sa-20160406-cts1

Revision 1.0

For Public Release 2016 April 6 16:00 UTC (GMT)

+---------------------------------------------------------------------------------------

Summary
=======

A vulnerability in Cisco TelePresence Server devices running software versions 4.1(2.29) 
through 4.2(4.17) could allow an unauthenticated, remote attacker to cause the device 
to reload.
 
The vulnerability exists due to a failure of the HTTP parsing engine to handle specially 
crafted URLs. An attacker could exploit this vulnerability by sending multiple URL 
requests to an affected device. The requests will eventually time out because negotiation 
from the client does not occur; however, each request consumes additional memory, 
resulting in memory exhaustion that causes the device to crash. If successful, the 
attacker could utilize all available memory resources, causing the device to reload.

Cisco has released software updates that address this vulnerability. Workarounds that 
address this vulnerability are not available.

This advisory is available at the following link: 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1
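
Added example, not part of the Cisco advisory: a Python triage helper that checks device software versions against the affected range stated above, 4.1(2.29) through 4.2(4.17). The hostnames and inventory are constructed, and the script assumes version strings order numerically field by field.

```python
import re

# Affected range as stated in the advisory (inclusive at both ends).
FIRST_AFFECTED = "4.1(2.29)"
LAST_AFFECTED = "4.2(4.17)"
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)\.(\d+)\)\s*$")


def parse_version(text):
    """Parse a version written like '4.1(2.29)' into a tuple of four ints."""
    # Assumption: the four numeric fields order versions left to right.
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version):
    """True if version lies inside the advisory's affected range."""
    low = parse_version(FIRST_AFFECTED)
    high = parse_version(LAST_AFFECTED)
    return low <= parse_version(version) <= high


def triage(inventory):
    """Split {hostname: version} into affected, not_affected and unparsed."""
    result = {"affected": [], "not_affected": [], "unparsed": []}
    for host, version in sorted(inventory.items()):
        try:
            bucket = "affected" if is_affected(version) else "not_affected"
        except ValueError:
            bucket = "unparsed"  # needs a manual look, never assumed safe
        result[bucket].append(host)
    return result


# Constructed inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = {
    "ts-lab-01": "4.1(2.29)",   # lower bound of the range
    "ts-lab-02": "4.1(2.28)",   # just below the range
    "ts-hq-01": "4.2(4.17)",    # upper bound of the range
    "ts-hq-02": "4.2(4.18)",    # just above the range
    "ts-dr-01": "4.1(10.3)",    # numeric compare: 10 > 2, so inside the range
    "ts-dr-02": "4.2",          # truncated string, cannot be classified
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Devices that land in "unparsed" are reported separately so that a malformed version string is never silently treated as unaffected.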

