VMware Advisory - UDF file system handling

Published: 2011-10-05
Last Updated: 2011-10-05 17:31:13 UTC
by Jim Clausing (Version: 1)
1 comment(s)

VMware has released security advisory VMSA-2011-0011 which describes a remote code execution vulnerability in VMware Workstation 7.1.4 and earlier, VMware player 3.1.4 and earlier, and VMware Fusion 3.1.2 and earlier.  Note, VMware released Workstation 8 and Fusion 4 late last month, so if you have upgraded to the bleeding edge, you are not affected.

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

1 comment(s)

Cisco Advisories - FWSM, ASA, and NAC

Published: 2011-10-05
Last Updated: 2011-10-05 17:18:38 UTC
by Jim Clausing (Version: 1)
0 comment(s)

On the heels of the 11 bulletins (mostly IOS) that they released last week, Cisco has released 3 more today.

 The FWSM bulletin covers 4 DoS issues and one authentication bypass.  The ASA bulletin covers 2 of the same DoS issues, the same auth bypass, plus 1 additional DoS.  The NAC bulletin covers a directory traversal issue (by an unauthenticated user) against the (HTTPS) management interface.

References:

http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

Keywords: cisco
0 comment(s)

Adobe SSL Certificate Problem (fixed)

Published: 2011-10-05
Last Updated: 2011-10-05 02:09:20 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

Tuesday morning, we received a number of reports from readers indicating that the SSL certificate used for "settings.adobe.com" was out of date. Initially, we had a hard time reproducing the finding. But some of our handlers in Europe were able to see the expired certificate.

The expired certificate was valid from Oct 6th  2009 to Oct 6h 2010. Which is somewhat unusual. Typically, we would expect a certificate that "just expired yesterday" and someone forgot to renew it. In this case, it looked more like someone installed an older certificate instead of the new one.

The correct certificate was pretty much exactly a year old and valid for another year. Everything indicated that the Adobe certificates indeed expire in the first week of October.

In the end, we narrowed the affected geography down to Europe and contacted Adobe. Adobe responded promptly and as of this evening, the problem appears to be fixed. Thanks everybody who helped via twitter narrowing down the affected geography and thanks to the readers reporting this initially.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: adobe ssl
0 comment(s)

Comments

cwqwqwq
eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>
WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]
dwqqqwqwq mashood
[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)
[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]
What's this all about ..?
password reveal .
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
https://thehomestore.com.pk/

Diary Archives