13
2012
November 2012: two Cisco vulnerabilities
The Cisco Product Security Incident Response Team (PSIRT) has published two important vulnerability advisories:
- Cisco IronPort Appliances Sophos Anti-Virus Vulnerabilities
- Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability
Cisco IronPort Appliances Sophos Anti-Virus Vulnerabilities
Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Web Security Appliances (WSA) include versions of Sophos Anti-Virus that contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to gain control of the system, escalate privileges, or cause a denial-of-service (DoS) condition. An attacker could exploit these vulnerabilities by sending malformed files to an appliance that is running Sophos Anti-Virus. The malformed files could cause the Sophos antivirus engine to behave unexpectedly.
Vulnerable Products
The following Cisco IronPort appliances, when configured to use Sophos software, are affected by this vulnerability:
- Cisco IronPort Email Security Appliances (C-Series and X-Series) running Sophos Engine: 3.2.07.352_4.80 and earlier.
- Cisco IronPort Web Security Appliances (S-Series) running Sophos Engine: 3.2.07.352_4.80 and earlier.
Details
The following vulnerabilities affect the Sophos engine that is currently installed on Cisco IronPort ESA and WSA products:
- Integer overflow parsing Visual Basic 6 controls
- Internet Explorer protected mode is effectively disabled by Sophos
- Memory corruption vulnerability in Microsoft CAB parsers
- RAR virtual machine standard filters memory corruption
- Stack buffer overflow decrypting PDF files
The following vulnerabilities do not affect the Sophos engine that is currently installed on Cisco IronPort ESA and WSA products:
- sophos_detoured_x64.dll ASLR bypass
- Universal XSS
- Privilege escalation through network update service
Sophos engine version 3.2.07.363_4.83 was qualified and provisioned to the Cisco IronPort ESA and WSA update servers on Tuesday, November 13th, 2012 and fixes the vulnerabilities described in this document.
Impact
Successful exploitation of these vulnerabilities may cause the Sophos Anti-Virus engine to crash. A remote, unauthenticated attacker may be able to gain control of the system, escalate privileges, or cause a denial-of-service condition.
Link: http://tools.cisco.com/…/cisco-sa-20121108-sophos
Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability
Cisco Secure Access Control System (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass TACACS+ based authentication service offered by the affected product. The vulnerability is due to improper validation of the user-supplied password when TACACS+ is the authentication protocol and Cisco Secure ACS is configured with a Lightweight Directory Access Protocol (LDAP) external identity store.
Vulnerable Products
The following Cisco Secure ACS versions are affected by this vulnerability: 5.0, 5.1, 5.2, 5.3, 5.4.
Details
Cisco Secure Access Control System (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass the TACACS+ based authentication service offered by the affected product.
The vulnerability is due to improper validation of the user-supplied password when TACACS+ is the authentication protocol and Cisco Secure ACS is configured with a Lightweight Directory Access Protocol (LDAP) external identity store. An attacker could exploit this vulnerability by sending a special sequence of characters when prompted for the user password. The attacker would need to know a valid username stored in the LDAP external identity store in order to exploit this vulnerability, and exploitation is limited to impersonating only that user. An exploit could allow the attacker to successfully authenticate to any system using TACACS+ in combination with an affected Cisco Secure ACS.
Impact
Successful exploitation of this vulnerability could allow a remote attacker to impersonate a user and bypass authentication to any system that uses TACACS+ and relies on the authentication service provided by an affected Cisco Secure ACS.
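The exposure conditions from both advisories above can be turned into an inventory triage check. The following is an added example, not code from Cisco or from the original post; the inventory layout, host names and field names are hypothetical, and it assumes that the fields of a Sophos engine string compare numerically from left to right.

```python
import re

# Thresholds copied from the two advisories summarized above.
LAST_AFFECTED_SOPHOS = "3.2.07.352_4.80"
AFFECTED_ACS_RELEASES = {"5.0", "5.1", "5.2", "5.3", "5.4"}

def parse_engine(version):
    """Turn '3.2.07.352_4.80' into (3, 2, 7, 352, 4, 80).
    Assumption: fields compare numerically, left to right."""
    if not re.fullmatch(r"\d+(?:[._]\d+)*", version):
        raise ValueError(f"unrecognized engine version: {version!r}")
    return tuple(int(field) for field in re.split(r"[._]", version))

def sophos_affected(product, av_engine, engine_version):
    """ESA/WSA are affected only when Sophos is the configured engine."""
    if product not in ("ESA", "WSA") or av_engine.lower() != "sophos":
        return False
    return parse_engine(engine_version) <= parse_engine(LAST_AFFECTED_SOPHOS)

def acs_exposed(acs_version, tacacs_enabled, ldap_identity_store):
    """The bypass needs all three: affected release, TACACS+, LDAP external store.
    The page lists no fixed patch levels, so the whole release is flagged."""
    release = ".".join(acs_version.split(".")[:2])
    return bool(release in AFFECTED_ACS_RELEASES
                and tacacs_enabled and ldap_identity_store)

def triage(inventory):
    """Return the names of hosts that need action, in inventory order."""
    findings = []
    for host in inventory:
        if host["product"] == "ACS":
            hit = acs_exposed(host["version"], host["tacacs"], host["ldap"])
        else:
            hit = sophos_affected(host["product"], host["av"], host["version"])
        if hit:
            findings.append(host["name"])
    return findings

# Constructed inventory; host names and field names are hypothetical.
INVENTORY = [
    {"name": "esa-01", "product": "ESA", "av": "sophos", "version": "3.2.07.352_4.80"},
    {"name": "esa-02", "product": "ESA", "av": "sophos", "version": "3.2.07.363_4.83"},
    {"name": "wsa-01", "product": "WSA", "av": "other", "version": "3.2.07.352_4.80"},
    {"name": "acs-01", "product": "ACS", "version": "5.3", "tacacs": True, "ldap": True},
    {"name": "acs-02", "product": "ACS", "version": "5.2", "tacacs": True, "ldap": False},
]

if __name__ == "__main__":
    print(triage(INVENTORY))
```

An ACS hit here means the host is in an affected release with the vulnerable configuration and should be checked against the advisory's fixed releases, which this page does not list.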

