A revision has been issued of the security advisory cisco-sa-20120620-ac, originally published on 20 June 2012. The original advisory warned of multiple vulnerabilities in the Cisco AnyConnect Secure Mobility Client that a remote attacker could exploit to execute arbitrary code and to replace the current version of the application with an older one.
Apple Mac OS X 10.5, Apple Mac OS X 10.6, Apple Mac OS X 10.7, Fedora 15, Fedora 16, Fedora 17, HP-UX 11.x, IBM AIX 7.x, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows 7, openSUSE 12.1, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Sun Solaris 10, Sun Solaris 11, Ubuntu Linux 11.0, Ubuntu Linux 11.04, Ubuntu Linux 11.10, Ubuntu Linux 12.04
Problem:
improper input validation
Exploitation:
remote
Impact:
privilege escalation, arbitrary code execution
Solution:
vendor patch
CVE:
CVE-2012-4655
Original advisory ID:
cisco-sa-20120620-ac
Source:
Cisco
Problem:
The vulnerabilities result from improper input validation in the ActiveX and Java components that implement the WebLaunch VPN downloader functionality. The revision was issued because of an omission in the original advisory, which did not state that these vulnerabilities also relate to Cisco Secure Desktop.
Impact:
A malicious user can exploit these vulnerabilities to execute arbitrary code and to replace the current version of the application with an older one.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect
Secure Mobility Client
Advisory ID: cisco-sa-20120620-ac
Revision 2.0
Last Updated 2012 September 19 16:01 UTC (GMT)
For Public Release 2012 June 20 16:00 UTC (GMT)
+--------------------------------------------------------------------
Summary
=======
The Cisco AnyConnect Secure Mobility Client is affected by the following
vulnerabilities:
* Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code
Execution Vulnerability
* Cisco AnyConnect Secure Mobility Client VPN Downloader Software
Downgrade Vulnerability
* Cisco AnyConnect Secure Mobility Client and Cisco Secure Desktop
Hostscan Downloader Software Downgrade Vulnerability
* Cisco AnyConnect Secure Mobility Client 64-bit Java VPN Downloader
Arbitrary Code Execution Vulnerability
* Cisco Secure Desktop Arbitrary Code Execution Vulnerability
Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate these vulnerabilities are
available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
Note: Revision 2.0 of this advisory corrects an inadvertent omission in
the original advisory, which failed to list that the fixes also address
a vulnerability in Cisco Secure Desktop, described by CVE-2012-4655.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAlBZ8RsACgkQUddfH3/BbTrMXAD+KzDhX4MHl8balbQ1dcfDrmeu
LwCqi3iKEPcAqHsa3sYBAI6GvgsZ99r1+5O3p7WBHGvWwcgRPQdAdSaWXznICylf
=J7RB
-----END PGP SIGNATURE-----