Category: SANS Internet Storm Center

telnetd rulez: Cisco Ironport WSA Telnetd Remote Code Execution Vulnerability, (Wed, Oct 22nd) 0

telnetd rulez: Cisco Ironport WSA Telnetd Remote Code Execution Vulnerability, (Wed, Oct 22nd)

We received the following vulnerability advisory for a remote code execution vuln identified and reported in Ciscos Ironport WSA Telnetd. Vendor: Cisco Product web page: http://www.cisco.com Affected version: Cisco Ironport WSA – AsyncOS 8.0.5 for Web build 075 Date: 22/05/2014 Credits: Glafkos Charalambous CVE: CVE-2011-4862 CVSS Score: 7.6 Impact: Unauthenticated Remote Code Execution with elevated privileges Description: The Cisco Ironport WSA virtual appliances are vulnerable to an old FreeBSD telnetd encryption Key ID buffer overflow which allows remote attackers to execute arbitrary code (CVE-2011-4862)

Apple Multiple Security Updates, (Mon, Oct 20th) 0

Apple Multiple Security Updates, (Mon, Oct 20th)

Apple released security update today for iOS 8 and Apple TV 7. iOS 8.1 (APPLE-SA-2014-10-20-1 iOS 8.1) is now available for iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later, to addresses the following: Bluetooth CVE-2014-4448 House Arrest CVE-2014-4448 iCloud Data Access CVE-2014-4449 Keyboards CVE-2014-4450 Secure Transport CVE-2014-3566 Apple TV 7.0.1 (APPLE-SA-2014-10-20-2 Apple TV 7.0.1) is now available for Apple TV 3rd generation and later, to address the following: Bluetooth CVE-2014-4428 Secure Transport CVE-2014-3566 [1] https://support.apple.com/kb/HT1222 ———– Guy Bruneau IPSS Inc.

Apple Updates (not just Yosemite), (Fri, Oct 17th) 0

Apple Updates (not just Yosemite), (Fri, Oct 17th)

Apple yesterday released the latest version of its operating system, OS X 10.10 Yosemite. As usual, the new version of the operating system does include a number of security related bug fixes, and Apple released these fixes for older versions of OS X today. This update, Security Update 2014-005 is available for versions of OS X back to 10.8.5 (Mountain Lion)