| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Apr 2015 18:03:40 +0200 From: Cisco Systems Product Security Incident Response Team <psirt@...co.com> To: bugtraq@...urityfocus.com Cc: psirt@...co.com Subject: Cisco Security Advisory: Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability Advisory ID: cisco-sa-20150415-csd Revision 1.0 For Public Release 2015 April 15 16:00 UTC (GMT) +---------------------------------------------------------------------- Summary ======= A vulnerability in a Cisco-signed Java Archive (JAR) executable Cache Cleaner component of Cisco Secure Desktop could allow an unauthenticated, remote attacker to execute arbitrary commands on the client host where the affected .jar file is executed. Command execution would occur with the privileges of the user. The Cache Cleaner feature has been deprecated since November 2012. There is no fixed software for this vulnerability. Cisco Secure Desktop packages that includes the affected .jar files have been removed and are not anymore available for download. Because Cisco does not control all existing Cisco Secure Desktop packages customers are advised to ensure to ensure that their Java blacklists controls have been updated to avoid potential exploitation. Refer to the "Workarounds" section of this advisory for additional information on how to mitigate this vulnerability. Customers using Cisco Secure Desktop should migrate to Cisco Host Scan standalone package. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJVLoBCAAoJEIpI1I6i1Mx3jqoP/3YokxHktgbCs1FMmWGpsAQy QYUf80APQYeDDmkPNVoYgD7dgYWrohukrVtfjrM1hJ5DYFWV6LZiWSJYQy/RZbRz 2FWPJc2NoAXZZVUwk/QUFg5rBsaBJ8UW8E1+TkLjiG6fDTgq4KABfUzVBAoj7/R2 iiTuagamL5xuVEJouY+HbrKHBIxOn4FpFVOoWE/Ah1nvGOQe2U/R3Ws9wMvCCoFA +jkSWMjody88RUxykHqkQSz7jjIKCPMQEN6zuMCD6lnbzF39HTMLNdyNf40bnDcJ C8FakUnT0ULBiwCqdRiNoxs6g6yaaA+y9yPynTXQEOAuxu1vSQoiVvZZ+U6Rzr+7 ot3tO0CmlweY0joL9bqTLvPvf7uM2IHqrwhqmhii7NPq1BXmrKeYQSF2EJghhe3t 0+ACNmEdL/xmP71sNOKSeZnSVJU6yTfENx08LeP5vTqqOqUwSO/oK72OAfuY5CmY X6dDP2C4AolnecYuO12r4ig69qKsopuAQxV12eq6qENu/RkTF7Sk3ToF2fOfupEJ t6l2V1IzSVmKbix1rqBTzmnEMTe0Rg0YY1sZAN0otDZUZe61cn3iL+vKX1/ScvaU ISE6scZ7d/F9bfcrruw1Q38UvmqrZ8ojp5hJ0EL7nixlIdN3dTmsqfK6LrT9sX4/ Iim9WdrACjZ91xLsKO0X =E1eG -----END PGP SIGNATURE-----
Powered by blists - more mailing lists