[<prev] [next>] [day] [month] [year] [list]
Message-id: <201210311214-11.mp-ep@psirt.cisco.com>
Date: Wed, 31 Oct 2012 12:14:10 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: full-disclosure@...ts.grok.org.uk
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Multiple Vulnerabilities
in Cisco Unified MeetingPlace Web Conferencing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified
MeetingPlace Web Conferencing
Advisory ID: cisco-sa-20121031-mp
Revision 1.0
For Public Release 2012 October 31 16:00 UTC (GMT)
+--------------------------------------------------------------------
Summary
=======
Cisco Unified MeetingPlace Web Conferencing is affected by two
vulnerabilities:
* Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability
* Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability
Exploitation of the Cisco Unified MeetingPlace Web Conferencing SQL
Injection Vulnerability may allow an unauthenticated, remote attacker
to send Structured Query Language (SQL) commands to manipulate the
MeetingPlace database stores information about server configuration,
meetings, and users. These commands may be used to create, delete, or
alter some of the information in the Cisco Unified MeetingPlace Web
Conferencing database.
Exploitation of the Cisco Unified MeetingPlace Web Conferencing Buffer
Overrun Vulnerability may allow an unauthenticated, remote attacker to
create a buffer overrun condition that may cause the Web Conferencing
server to become unresponsive.
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds that mitigate these
vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-mp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAlCRS2sACgkQUddfH3/BbTqMAwD+MQwopEA45I2B7OCcFOkuDQ8/
TrGs6zU5Ne3h/adthZUA/jL0oa9uIVtgMmih5QPEjeNaFCsuLlQexhbPtycDJoOU
=gqZZ
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists