Category: Research & Alerts

VU#327976: Cisco Adaptive Security Appliance (ASA) IKEv1 and IKEv2 contains a buffer overflow vulnerability

Vulnerability Note VU#327976

Original Release date: 11 Feb 2016 | Last revised: 11 Feb 2016

Overview

Cisco Adaptive Security Appliance (ASA) Internet Key Exchange versions 1 and 2 (IKEv1 and IKEv2) contain a buffer overflow vulnerability that may be leveraged to gain remote code execution.

Description

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer – CVE-2016-1287

According to the advisory by Exodus Intelligence:

The algorithm for re-assembling IKE payloads fragmented with the Cisco fragmentation protocol contains a bounds-checking flaw that allows a heap buffer to be overflowed with attacker-controlled data. A sequence of payloads with carefully chosen parameters causes a buffer of insufficient size to be allocated in the heap which is then overflowed when fragment payloads are copied into the buffer

Tomcat IR with XOR.DDoS, (Thu, Feb 11th)

Apache Tomcat is a Java-based web service that is used for different applications. While you may have it running in your environment, you may not be familiar enough with its workings to provide adequate incident response.

0 S root 31847 1 0 80 0 - 1124641 futex_ 2015 ? 02:36:33 /usr/bin/java -classpath /usr/share/apache-tomcat-7.0.65/bin/bootstrap.jar

Here you can see that it is running from /usr/share/apache-tomcat-7.0.65

Adobe Patch Tuesday – February 2016, (Tue, Feb 9th)

APSB16-03: Adobe Photoshop CC and Bridge CC. 3 critical vulnerabilities that could lead to code execution, with a priority rating of 3 (low): CVE-2016-0951, CVE-2016-0952, CVE-2016-0953. You may have to download the updates directly from Adobe as they will not show up in Creative Cloud Packager!

APSB16-04: Adobe Flash Player. 22 critical vulnerabilities that could lead to code execution.