Category: Security Advisories
03/12/10
CVE-2010-0624: Heap-Based Overflow in GNU Tar and GNU Cpio
GNU Tar and GNU Cpio are used for managing archives on many *nix distributions (note: most BSD distributions including MacOSX use bsdtar). Both GNU TAR and GNU Cpio are capable of using the RMT protocol - a protocol used for accessing tape devices on re… more »
03/04/10
12:45:05 am, by Zach Brewer, 110 words
Categories: Security Advisories, General Security, Cisco Security
Cisco Unified Communication Manager (Former Call Manager) Denial of Service - cisco-sa-20100303-cucm
Denial of Service (DoS) vulnerabilitieshave been identified in Cisco Unified Communication Manager (formerly known as Cisco CallManager). Exploitation is accomplished with either malformed CTI Manager Messagages, malformed SIP Message Vulnerabilities, a… more »
03/02/10
Don't touch that! It's Hot! - Or, your F1 Key is the enemy.
Microsoft issued a security advisory (981169) on March 1, 2010 which impacts supported versions of Windows 2000, 2003, and XP using Internet Explorer. This is related to how VBScript interacts with windows help files when using IE. If exploited, a malici… more »
ShmooCon 2010: Closing the TLS Authentication Gap Thoughts (Or Why Coordinating Disclosure of a Protocol-Level, Multi-Vendor Vulnerability is Like Herding Cats)
If you attended ShmooCon 2010, you likely witnessed and/or experienced:2 feet of snow falling in 24 hoursA hotel roof collapse (ok, so it was a single section of glass from the atrium)Snowball fights and snowball induced tree avalanchesSledding… more »
02/18/10
08:42:53 am, by Zach Brewer, 126 words
Categories: Cisco Security Agent, Security Advisories, Cisco Security
Multiple CSA 5.1, 5.2, and 6.0 Vulnerabilities
Multiple CSA vulnerabilities were disclosed yesterday by Cisco PSIRT including: CSA 6.0 directory traversal vulnerability CSA 5.2 Denial of Service (DoS)vulnerabilityCSA MC directory traversal and SQL injection vulnerabilitiesCSA 5.2 Agent for… more »
XML Feeds