lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <201609211229.6.csp2100@psirt.cisco.com>
Date: Wed, 21 Sep 2016 12:29:07 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability

Advisory ID: cisco-sa-20160921-csp2100-2 

Revision 1.0

Published: 2016 September 21 16:00  GMT
+---------------------------------------------------------------------

Summary
=======

A vulnerability in the web interface of Cisco Cloud Services Platform (CSP) 2100 could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability is due to insufficient sanitization of specific values received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a malicious dnslookup request to the affected system. An exploit could allow the attacker to execute arbitrary code with the privileges of the user.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-2
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJX4rQkAAoJEK89gD3EAJB53UEQAM+JzDD3kO6KPYmZYhe+f8j2
625JrU7AZ3bdn5IKJcje16kxJ72S1PclYFj7hCiyWYK8/SIbIyVLPdzdVRNZUD01
mKd96cHC9bM01FCE9BAiZ3bb+HDQi/VDgG7tcOriPkzu6sQz9x+riFukkhOYHA+h
sudNKaDLrPuUsXUb0EkjwitwBI+l2THRlyNou4SRHVx2aIWtu7QlArouTTNiJMDx
jIHFxyBm9Lw8Bc2QFXl42sffUbf74lU8BKzGgIxVgXgoD53yxqoNMYFf95JfqrxV
hxls6ncBHrxdN+jbccD4OriErKLuqGUSZPHG3c4eAIYTS+B0qFlklwm45I7QYMdO
wA+BSwqz+4H2aaNttuYWCon1ryRJCHy0Yys173K9ZRIsZF3S59aDAOOzVlWU9kWP
iNdZ2b+WdjQtEbsdwgj3QdsLUttjT0pfHlJbuBB31E9UhJ/BZdf/2bDfi+MRUSSS
zA/WN7a6hvw6Nfh/XFl+BQ7jru+RdWur/LqzENhl7kQUVZ2zQ40fPqANbJT9dzUD
OLVcw/Ciuf8T+N1BwiR+aRILVlDvDb1N+fjwLfDoLUZalG/W8geG7+qNNt6Deanl
F9r9usPIs7Hd+H3XT+hwgG7higiMk2ilA1bTveRcKTsaeogmNIaZd/1KFRLPvRj+
qIPI8pHxCE/S3Uw2Wlsc
=YgU2
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ