Cisco AsyncOS Patch , (Fri, Mar 21st)

 SANS Internet Storm Center, Security Alerts  Comments Off on Cisco AsyncOS Patch , (Fri, Mar 21st)
Mar 202014
 

Cisco released a patch for AsyncOS, the operating system used in it's E-Mail Security Appliance (ESA) and Security Management Appliance (SMA).

The vulnerability is exploited by an authenticated attacker uploading a crafted blocklist file. The file has to be uploaded via FTP, so this vulnerability is only exploitable if the FTP service is enabled. Once the blacklist is pared, arbitrary commands are executed.

This sounds like an OS command injection vulnerability. The parameters (assumed to be IP addresses) are likely passed as arguments to a firewall script, but if the address includes specific characters (usually ; or & ?) , additional commands can be executed.

Time to patch, but given that the attacker has to be authenticated, makes this a less severe vulnerability then other arbitrary code execution vulnerabilities.

[1] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos

——
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

MS14-013 – Critical : Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961) – Version: 1.0

 Microsoft Security Bulletins  Comments Off on MS14-013 – Critical : Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961) – Version: 1.0
Mar 112014
 

Severity Rating: Critical
Revision Note: V1.0 (March 11, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted image file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS14-015 – Important : Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275) – Version: 1.0

 Microsoft Security Bulletins  Comments Off on MS14-015 – Important : Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275) – Version: 1.0
Mar 112014
 

Severity Rating: Important
Revision Note: V1.0 (March 11, 2014): Bulletin published.
Summary: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.

MS14-012 – Critical : Cumulative Security Update for Internet Explorer (2925418) – Version: 1.0

 Microsoft Security Bulletins  Comments Off on MS14-012 – Critical : Cumulative Security Update for Internet Explorer (2925418) – Version: 1.0
Mar 112014
 

Severity Rating: Critical
Revision Note: V1.0 (March 11, 2014): Bulletin published.
Summary: This security update resolves one publicly disclosed vulnerability and seventeen privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

%d bloggers like this: