Date: 03 June 2011
AusCERT Week in Review for 03 June, 2011
Greetings,
Although this has been a relatively quiet week, a number of notable vulnerabilities were announced, in particular in bulletins released by ISC, Symantec and Cisco.
First up, ISC released BIND 9.4-ESV-R4-P1. This release corrects an issue in which a BIND 9 DNS server set up as a caching resolver could crash when a user queries a domain with large resource record sets and the resolver tries to negatively cache a response from the server.
Symantec released a bulletin regarding a potential man-in-the-middle vulnerability in Symantec Backup Exec for Windows, and Symantec Backup Exec 2010. Exploitation of this vulnerability requires network authorisation, or an unauthorised presence on an authorised system.
Cisco released four bulletins this week, two of which dealt with default administrator passwords installed with Cisco Network Registrar and shipped on Cisco Media Experience Engine 5600. [3,4] A third bulletin, for Cisco AnyConnect Secure Mobility Client, dealt with a code execution vulnerability and a local privilege escalation vulnerability. [5] Finally, the most interesting of the Cisco bulletins described three vulnerabilities in Cisco Unified IP Phones 7900 Series, which could allow attackers to escalate privileges to make configuration changes or obtain potentially sensitive information, or even to load a modified software image into these phones. [6]
Have a great weekend!
Jonathan