-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2011.0218
  A number of vulnerabilities have been identified in Cisco Secure Desktop
                              24 February 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Secure Desktop
Publisher:         Zero Day Initiative
Operating System:  Windows
                   Linux variants
                   Mac OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-0926 CVE-2011-0925

Original Bulletin:
   http://www.zerodayinitiative.com/advisories/ZDI-11-091/
   http://www.zerodayinitiative.com/advisories/ZDI-11-092/

Comment: This bulletin contains two (2) Zero Day Initiative security
         advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

(0day) Cisco Secure Desktop CSDWebInstaller Remote Code Execution
Vulnerability

ZDI-11-091: February 23rd, 2011

CVE ID

    CVE-2011-0926

CVSS Score

    9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

Affected Vendors

    Cisco

Affected Products

    Secure Desktop

TippingPoint IPS Customer Protection

TippingPoint IPS customers are protected against this vulnerability by
Digital Vaccine protection filter ID 8247. For further product information
on the TippingPoint IPS:

    http://www.tippingpoint.com

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Cisco Secure Desktop. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.

The specific flaw exists within CSDWebInstaller.ocx ActiveX control.
The vulnerable Cisco-signed ActiveX control verifies the signing authority
names in the certificate chain but fails to properly verify the digital
signature of an executable file that is downloaded and executed by the
Cisco Secure Desktop installation process. A remote attacker can exploit
this vulnerability to execute arbitrary code under the context of the
browser.

Vendor Response

Cisco states:

Disclosure Timeline

    2010-09-14 - Vulnerability reported to vendor
    2011-02-23 - Coordinated public release of advisory

Credit

This vulnerability was discovered by:

    Anonymous

- --------------------------------------------------------------------------------

(0day) Cisco Secure Desktop CSDWebInstaller ActiveX Control Cleaner.cab
Remote Code Execution Vulnerability

ZDI-11-092: February 23rd, 2011

CVE ID

    CVE-2011-0925

CVSS Score

    8.3, (AV:N/AC:M/Au:N/C:P/I:P/A:C)

Affected Vendors

    Cisco

Affected Products

    Secure Desktop

TippingPoint IPS Customer Protection

TippingPoint IPS customers are protected against this vulnerability by
Digital Vaccine protection filter ID 8247. For further product information
on the TippingPoint IPS:

    http://www.tippingpoint.com

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Cisco Secure Desktop. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.

The specific flaw exists within CSDWebInstaller.ocx. The
CSDWebInstallerCtrl ActiveX control allows downloading and executing any
Cisco-signed executable files. By renaming a Cisco-signed executable file
to inst.exe and putting it on a webserver, an attacker can subsequently
exploit vulnerabilities in the Cisco-signed executable file remotely.

Vendor Response

Cisco states:

Disclosure Timeline

    2010-08-25 - Vulnerability reported to vendor
    2011-02-23 - Coordinated public release of advisory

Credit

This vulnerability was discovered by:

    Anonymous

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFNZbQu/iFOrG6YcBERAnO0AJ0ZwPlwbUkl21u0AxkEYovlN8PGBQCZAY5e
aFoeF4ugPABPW+X65yFzUbY=
=Zks5
-----END PGP SIGNATURE-----
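
Added example (not part of the bulletin, and not Cisco's or ZDI's code): a small Go model of the two verification gaps described under ZDI-11-091 and ZDI-11-092, next to a stricter check. Ed25519 stands in for Authenticode, the signer name, key and sample files are constructed, and pinning the installer's digest is one possible mitigation assumed here, not the vendor's stated fix.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Download models a fetched file plus the signer name and signature shipped
// with it (Ed25519 here is a stand-in for an Authenticode signature block).
type Download struct {
	Body   []byte
	Signer string
	Sig    []byte
}

const vendor = "Example Vendor" // hypothetical signer name

// nameOnly: first flaw, signer name checked but signature never verified.
func nameOnly(d Download) bool { return d.Signer == vendor }

// anySigned: second flaw, any file with a valid vendor signature is accepted.
func anySigned(d Download, pub ed25519.PublicKey) bool {
	return d.Signer == vendor && ed25519.Verify(pub, d.Body, d.Sig)
}

// hardened: valid signature AND the bytes match the pinned installer digest.
func hardened(d Download, pub ed25519.PublicKey, pin [32]byte) bool {
	return anySigned(d, pub) && sha256.Sum256(d.Body) == pin
}

// demo returns {nameOnly, anySigned, hardened} for three constructed samples.
func demo() map[string][3]bool {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // test key
	pub := priv.Public().(ed25519.PublicKey)
	sign := func(b string) Download {
		return Download{[]byte(b), vendor, ed25519.Sign(priv, []byte(b))}
	}
	inst, other := sign("installer build (constructed)"), sign("other vendor tool (constructed)")
	samples := map[string]Download{"installer": inst, "other-signed": other,
		"tampered": {[]byte("modified bytes"), vendor, inst.Sig}}
	out := map[string][3]bool{}
	for name, d := range samples {
		out[name] = [3]bool{nameOnly(d), anySigned(d, pub), hardened(d, pub, sha256.Sum256(inst.Body))}
	}
	return out
}

func main() { fmt.Println(demo()) }
```

Only the hardened check rejects both the modified file that merely carries the vendor's name and the unrelated file that is genuinely vendor-signed.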