-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2011.0218
 A number of vulnerabilities have been identified in Cisco Secure Desktop
                             24 February 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Secure Desktop
Publisher:         Zero Day Initiative
Operating System:  Windows
                   Linux variants
                   Mac OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-0926 CVE-2011-0925 

Original Bulletin: 
   http://www.zerodayinitiative.com/advisories/ZDI-11-091/
   http://www.zerodayinitiative.com/advisories/ZDI-11-092/

Comment: This bulletin contains two (2) Zero Day Initiative security 
         advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

(0day) Cisco Secure Desktop CSDWebInstaller Remote Code Execution Vulnerability
ZDI-11-091: February 23rd, 2011

CVE ID

      CVE-2011-0926 

CVSS Score

      9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) 

Affected Vendors

      Cisco

Affected Products

      Secure Desktop

TippingPoint IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital 
Vaccine protection filter ID 8247. For further product information on the 
TippingPoint IPS:

      http://www.tippingpoint.com 

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on 
vulnerable installations of Cisco Secure Desktop. User interaction is required 
to exploit this vulnerability in that the target must visit a malicious page 
or open a malicious file.

The specific flaw exists within the CSDWebInstaller.ocx ActiveX control. The 
vulnerable Cisco-signed ActiveX control verifies the signing authority names 
in the certificate chain but fails to properly verify the digital signature of 
an executable file that is downloaded and executed by the Cisco Secure Desktop 
installation process. A remote attacker can exploit this vulnerability to 
execute arbitrary code in the context of the browser.

Vendor Response

Cisco states:


Disclosure Timeline

      2010-09-14 - Vulnerability reported to vendor
      2011-02-23 - Coordinated public release of advisory

Credit

This vulnerability was discovered by:

      Anonymous

- --------------------------------------------------------------------------------

(0day) Cisco Secure Desktop CSDWebInstaller ActiveX Control Cleaner.cab Remote 
Code Execution Vulnerability
ZDI-11-092: February 23rd, 2011

CVE ID

      CVE-2011-0925 

CVSS Score

      8.3, (AV:N/AC:M/Au:N/C:P/I:P/A:C) 

Affected Vendors

      Cisco

Affected Products

      Secure Desktop

TippingPoint IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital
Vaccine protection filter ID 8247. For further product information on the 
TippingPoint IPS:

      http://www.tippingpoint.com 

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on 
vulnerable installations of Cisco Secure Desktop. User interaction is required 
to exploit this vulnerability in that the target must visit a malicious page or 
open a malicious file.

The specific flaw exists within CSDWebInstaller.ocx. The CSDWebInstallerCtrl 
ActiveX control allows any Cisco-signed executable file to be downloaded and 
executed. By renaming a Cisco-signed executable file to inst.exe and hosting it 
on a web server, an attacker can subsequently exploit vulnerabilities in that 
Cisco-signed executable remotely.
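The trust failure behind both advisories, as an added example that is not part of the ZDI or Cisco text: a toy model in Python (standard library only; textbook RSA over fixed small primes stands in for Authenticode, and the "executables" are constructed byte strings) of three verifier policies. The first is the name-only check ZDI-11-091 describes; the second also verifies the signature, which fixes the forgery but still accepts any vendor-signed binary renamed to inst.exe, the ZDI-11-092 case; the third additionally pins the hash of the specific artifact the installer expects. The vendor name, keys, file contents and function names are all assumptions for illustration.

```python
"""Toy model of the CSDWebInstaller trust checks (constructed example;
not Cisco's code). Textbook RSA with fixed small primes stands in for
Authenticode so the example runs offline; it is not usable as real
code signing."""
import hashlib

# Fixed primes keep the example deterministic; far too small for real use.
_P, _Q, _E = 1000003, 1000033, 65537
_N = _P * _Q
_D = pow(_E, -1, (_P - 1) * (_Q - 1))  # modular inverse, Python 3.8+
CISCO_PUBLIC = (_N, _E)      # what a verifier would hold (assumed vendor key)
_CISCO_PRIVATE = (_N, _D)    # what only the vendor would hold

VENDOR_NAME = "Cisco Systems, Inc."   # assumed signer name the control matches


def _digest_int(body: bytes, n: int) -> int:
    """SHA-256 of the file body reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n


def sign(body: bytes, private_key=_CISCO_PRIVATE) -> int:
    n, d = private_key
    return pow(_digest_int(body, n), d, n)


def signature_valid(body: bytes, sig: int, public_key=CISCO_PUBLIC) -> bool:
    n, e = public_key
    return pow(sig, e, n) == _digest_int(body, n)


def make_package(signer: str, body: bytes, sig: int) -> dict:
    """A 'signed executable' as the installer sees it. The signer name is
    just a field inside the file, so whoever builds the file controls it."""
    return {"signer": signer, "body": body, "sig": sig}


def name_only_check(pkg: dict) -> bool:
    """ZDI-11-091 pattern: trusts the names in the certificate chain and
    never verifies the signature over the file."""
    return pkg["signer"] == VENDOR_NAME


def signed_by_vendor_check(pkg: dict) -> bool:
    """Fixes 091: the name must match AND the signature must verify."""
    return pkg["signer"] == VENDOR_NAME and signature_valid(pkg["body"], pkg["sig"])


def pinned_check(pkg: dict, allowed_sha256: set) -> bool:
    """Fixes 092 as well: the file must be the specific artifact the
    installer expects, not merely some file the vendor once signed."""
    return (signed_by_vendor_check(pkg)
            and hashlib.sha256(pkg["body"]).hexdigest() in allowed_sha256)


# Constructed sample file contents (not real binaries).
GENUINE_INSTALLER = b"CSD installer component (constructed sample)"
OLD_VENDOR_TOOL = b"older vendor-signed tool with a known bug (constructed)"
ATTACKER_PAYLOAD = b"attacker-controlled payload (constructed)"
EXPECTED_INSTALLER = {hashlib.sha256(GENUINE_INSTALLER).hexdigest()}


def run_scenarios() -> dict:
    """Run the three checks against the three files the advisories imply."""
    genuine = make_package(VENDOR_NAME, GENUINE_INSTALLER, sign(GENUINE_INSTALLER))
    # 091: attacker writes the vendor's name into the chain; the signature is junk.
    forged = make_package(VENDOR_NAME, ATTACKER_PAYLOAD, sig=0)
    # 092: a real vendor-signed (but vulnerable) binary renamed to inst.exe.
    renamed = make_package(VENDOR_NAME, OLD_VENDOR_TOOL, sign(OLD_VENDOR_TOOL))
    checks = {
        "name_only": name_only_check,
        "signed_by_vendor": signed_by_vendor_check,
        "pinned": lambda p: pinned_check(p, EXPECTED_INSTALLER),
    }
    return {name: {"genuine": chk(genuine), "forged": chk(forged),
                   "renamed": chk(renamed)}
            for name, chk in checks.items()}


if __name__ == "__main__":
    for policy, outcome in run_scenarios().items():
        print(f"{policy:>17}: {outcome}")
```

The name-only policy accepts all three files; verifying the signature rejects the forgery but still accepts the renamed vendor binary; only pinning the expected artifact rejects both. In the real control the counterpart of signature_valid is a full Authenticode verification (WinVerifyTrust on the downloaded file), not a string comparison on the certificate chain, and the counterpart of the pin is a check that the file is the exact installer component the control intended to fetch.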

Vendor Response

Cisco states:


Disclosure Timeline

      2010-08-25 - Vulnerability reported to vendor
      2011-02-23 - Coordinated public release of advisory

Credit

This vulnerability was discovered by:

      Anonymous

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFNZbQu/iFOrG6YcBERAnO0AJ0ZwPlwbUkl21u0AxkEYovlN8PGBQCZAY5e
aFoeF4ugPABPW+X65yFzUbY=
=Zks5
-----END PGP SIGNATURE-----