lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-id: <201608171204.6.apic@psirt.cisco.com>
Date: Wed, 17 Aug 2016 12:04:43 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory:Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20160817-apic 

Revision 1.0

Published: 2016 August 17 16:00  GMT
+---------------------------------------------------------------------

Summary
=======

A vulnerability in the Grapevine update process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user.
		
The vulnerability is due to insufficient input sanitization during the Grapevine update process. An attacker could exploit this vulnerability by authenticating to the affected system with administrative privileges and inserting arbitrary commands into an upgrade parameter. An exploit could allow the attacker to execute arbitrary commands on the affected system with root-level privileges.
		
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. 
		
This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXtHUBAAoJEK89gD3EAJB5R/gQAJNpnrqzsRS2HQzw6wq/e3wk
9AQHGBahR/l9C9tN5h+lsGVNOQ+o4KQLZpGe9qi6GDyy9WwHfCa95DgQ5fIfrLlk
OUzgEpCnJ87PdLY6kBxK/y6doSY7Nwa8ilyegbTnFCurqYUOB6pYSR8+cabq4V5h
GSdLBaBQlpJ0w/Ic7Q1fkOk64AgZvs4p6swuyOgvr9+NDBM3cRcaY64xWhSuM6EM
Sxh0aqYiG0dvrn1ulWFLh39mL0DWWo1krxbWv1Kag5F2Jtfnhnrur4Vt8ROF8uYj
igwrRd0k1cEbKJplzRpEIUMro4j0I1c0SbVtcs6+frovplcXB1mmt8bEPjwrlbZ/
gfLWSArj9E77SDYFSgWcEknNFoyOWZ/tmMJuRuK/JV8072SpLe1nSI3/ZX4qLT2+
reixn7kI91MWLRdOcUf2x4uj8P1cOTipItTw9WUNyIowTN3L5LDARUnCGG7J+/mc
vzp4LKHG2nDeG1iA7bZx7wLuehkeRs4WPKtlAs4F7jNm1WRJNyQ+GP9Ik6dfcDbK
1Z8fLTlNzbE3GH4hBbWliZq2/dVUkwPPPI0t1aVhdkKKjqwrASlaWR/XVaf5uEuv
rR4VYUXa0cRKi4wcVFLqyLoEnVD0pJGBGB87XGXhQ2lFlBJ9u9Gv57+nCCqP1egJ
aBvnymLDgKAGUDyPrULa
=S8Uw
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ