Uočen je i ispravljen nedostatak programskog paketa Cisco WebEx Player kojeg napadači mogu iskoristiti za proizvoljno izvršavanje zlonamjernog programskog koda.
Paket:
Cisco WebEx Player
Operacijski sustavi:
Apple Mac OS X 10.5, Apple Mac OS X 10.6, Apple Mac OS X 10.7, Fedora 15, Fedora 16, HP-UX 11.x, IBM AIX 5.x, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, openSUSE 11.4, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Sun Solaris 10, Sun Solaris 11, Ubuntu Linux 10.04, Ubuntu Linux 10.10, Ubuntu Linux 11.04, Ubuntu Linux 11.10
Problem:
preljev međuspremnika
Iskorištavanje:
udaljeno
Posljedica:
dobivanje većih privilegija, proizvoljno izvršavanje programskog koda
Rješenje:
programska zakrpa proizvođača
Izvorni ID preporuke:
cisco-sa-20120404-webex
Izvor:
Cisco
Problem:
Uočeno je da dolazi do preljeva međuspremnika u radu ranjivog programskog paketa.
Posljedica:
Udaljeni napadač može iskoristiti ranjivosti za pokretanje proizvoljnog programskog koda.
Rješenje:
Svim korisnicima se savjetuje korištenje odgovarajućih zakrpi.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco
WebEx Player
Advisory ID: cisco-sa-20120404-webex
Revision 1.0
For Public Release 2012 April 4 16:00 UTC (GMT)
+--------------------------------------------------------------------
Summary
=======
The Cisco WebEx Recording Format (WRF) player contains three buffer
overflow vulnerabilities. In some cases, exploitation of the
vulnerabilities could allow a remote attacker to execute arbitrary code
on the system with the privileges of a targeted user.
The Cisco WebEx Players are applications that are used to play back
WebEx meeting recordings that have been recorded on a WebEx meeting
site or on the computer of an online meeting attendee. The players can
be automatically installed when the user accesses a recording file that
is hosted on a WebEx meeting site. The players can also be manually
installed for offline playback after downloading the application from
www.webex.com.
If the WRF player was automatically installed, it will be automatically
upgraded to the latest, nonvulnerable version when users access a
recording file that is hosted on a WebEx meeting site. If the WRF
player was manually installed, users will need to manually install a
new version of the player after downloading the latest version from
www.webex.com.
Cisco has updated affected versions of the WebEx meeting sites and WRF
player to address these vulnerabilities.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAk98YzcACgkQQXnnBKKRMNCTmQD/VY6JJbsShxFPEOhYw/LWLtkE
yW4X11Smv2wub8CSMWQA/i4FPoQK9LFWzv6Vtskr7GvTF9i6RNOs5sffl+WilfCC
=H8ML
-----END PGP SIGNATURE-----
_______________________________________________
cust-security-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
To unsubscribe, send the command "unsubscribe" in the subject of your message to
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke