lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 20 Jul 2016 09:03:41 -0700
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Unified Computing System Performance Manager Input Validation Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Unified Computing System Performance Manager Input Validation Vulnerability

Advisory ID: cisco-sa-20160720-ucsperf

Revision 1.0

For Public Release 2016 July 20 16:00  GMT (UTC)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the web framework of Cisco Unified Computing System (UCS) Performance Manager could allow an authenticated, remote attacker to execute arbitrary commands.

The vulnerability is due to insufficient input validation performed on parameters that are passed via an HTTP GET request. An attacker could exploit this vulnerability by sending crafted HTTP GET requests to an affected system. An exploit could allow the attacker to execute arbitrary commands with the privileges of the root user.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160720-ucsperf






-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXj4blAAoJEK89gD3EAJB5fxUP/3IUSqmwPNOO0uzEISZsClbP
eV1sWplfvIR0+D/ZehXwg5I5Bjla77t0YUmqa2OlqmmGUA6etCsz1CAJhYI99jhV
dBTVjzIJ7/gaEqZq9SpiYwcqTe/5mU8vhJwt8T/x0GfS7qvPMAPxGmiS8NijZN1m
O2aUYZOi3tjxwrYM72NtdjKMcxVJ4HhvwPA8QcUV+b+B8MgMwDp9i7zaJHldLJAB
dAOUoIMmqSrsTjp5QX+oBv77XMoL6489hPNF0Kdt2ysIlcJDMQFn9Mv2PM76rolT
d/v91W3FWA43X5BnZISHxh+YKLSxli4sHXKR2H3nDhrhZml9e9FwyvQBmKGAStb+
IUJPfFkkFt/y/QHQiPx98MoW1bwaq7jarpihGearGcm6IKWw7op+c1xPVaKI6j/W
3zLObIbqHItCCE+62Qb6PLYTzaX/EyKtwpOsEiHZmPMsVyEFGsb57HyS4cS3Orm4
nlzxZRkv6VGfEx6uWr2VasD2pXUBEMY3fv9QJ/1fGcZokdaw0F+NwT89JhYd5nRE
nAwxCi2E9lVpI+pZOYlWwjkKCdLn5Tl0Xefqxz9q5u/URcWKPSLwOkQ7ZY3ajM9x
LBMhU3ub+H/rms6sykXRERawO/pCnwzDEh4LvoRocd3bM9s3pLKiV3KWJAQxIQE3
y0TbOx9qKJpsZO3Kwywy
=dBY7
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ