Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.0963 Cisco Unified Computing System Platform Emulator Command Injection 15 April 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Cisco Unified Computing System (UCS) Publisher: Cisco Systems Operating System: Virtualisation Cisco Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2016-1340 CVE-2016-1339 Original Bulletin: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe1 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe2 Comment: This bulletin contains two (2) Cisco Systems security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- Cisco Security Advisory Cisco Unified Computing System Platform Emulator Command Injection Vulnerability Medium Advisory ID: cisco-sa-20160414-ucspe1 Published: 2016 April 14 16:00 GMT Version 1.0: Final CVSS Score: Base - 6.8 Workarounds: No workarounds available Cisco Bug IDs: CSCux68832 CVE-2016-1339 CWE-78 Email Summary A vulnerability in the Cisco Unified Computing System (UCS) Platform Emulator could allow an authenticated, local attacker to perform a command injection attack. The vulnerability occurs because the affected system improperly handles ucspe-copy command-line arguments. An attacker could exploit this vulnerability by using crafted command arguments on the system. An exploit could allow the attacker to perform a command injection attack, which could allow the attacker to execute arbitrary commands on the system. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe1 Affected Products Vulnerable Products Cisco Unified Computing System Platform Emulator is affected. Products Confirmed Not Vulnerable This vulnerability does not affect Cisco UCS Manager. No other Cisco products are currently known to be affected by this vulnerability. Workarounds Workarounds are not available. Fixed Software Information about fixed software is documented in the Cisco bug, which is accessible through the Cisco Bug Search Tool. When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Exploitation and Public Announcements The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. Source This vulnerability was reported to Cisco by Jacob Baines of Tenable Network Security. URL http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe1 Revision History Version Description Section Status Date 1.0 Initial public release. Final 2016-April-14 Legal Disclaimer THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products. - ------------------------------------------------------------------------------- Cisco Security Advisory Cisco Unified Computing System Platform Emulator Filename Argument Handling Buffer Overflow Vulnerability Medium Advisory ID: cisco-sa-20160414-ucspe2 Published: 2016 April 14 16:00 GMT Version 1.0: Final CVSS Score: Base - 6.8 Workarounds: No workarounds available Cisco Bug IDs: CSCux68837 CVE-2016-1340 CWE-119 Summary A vulnerability in Cisco Unified Computing System (UCS) Platform Emulator could allow an authenticated, local attacker to trigger a heap-based buffer overflow on a targeted system. The vulnerability occurs because the affected system improperly handles libclimeta.so filename arguments. An attacker could exploit this vulnerability by sending crafted filename arguments to the system. An exploit could allow the attacker to execute code on the system or cause a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe2 Affected Products Vulnerable Products Cisco Unified Computing System Platform Emulator is affected. Products Confirmed Not Vulnerable This vulnerability does not affect Cisco UCS Manager. No other Cisco products are currently known to be affected by this vulnerability. Workarounds Workarounds are not available. Fixed Software Information about fixed software is documented in the Cisco bug, which is accessible through the Cisco Bug Search Tool. When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Exploitation and Public Announcements The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. Source This vulnerability was reported to Cisco by Jacob Baines of Tenable Network Security. URL http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe2 Revision History Version Description Section Status Date 1.0 Initial public release. Final 2016-April-14 Legal Disclaimer THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVxAzM36ZAP0PgtI9AQL7JQ/+MTWjam9prt7S4kEqnzPJ5ER8iQgc6jYP haB5lRbPf2e9F7tQ1XJonl7egOTDV1fQJu0qnu9i6Rt0aspeTjE4fNnRTgZ9v0as iIFRyFTaBQQr3BFx/B+Q0G9TqmlN6lcYi7PtRtZsjTBbFdrBlNV270yZaTiVhiz4 96Kv0vvEM1KRmsQk55B6ZzizZjnkez9vCYQqT2JhKydjgIzVhqefICBO0ooPKFMT 8kT00LengxoRcSVEIIuKPlvtBfljsy1dvxQe2C4PzrzBEk+z4a7fcTp4L2y0s/AW nGRnQZytKh4auyIk+3CGT59Nc6QuTGleO9TL15151izJ1Mw6NKzCO6TD3oQFvFeB tXjy8Z1VbkpTQIcFllAT1QpPkQkUVewLhPHYVeRvXapijDgTmBXOTCJZO+aeVUa+ T/LjZpOK/1wKnmZkWcm7vDreoOfpBLdahIt63R27xfKZBO5NZ/5Wgbgb5BpBsHUq 3lSijukHea9rxk9G0ny9nhALiyNkVoHkN3ji6v0bAfgI53pd8aUFUw5634gFGLP7 2YfCk6LM1xagipiZoj64xxdVuI40P/UqknMCE6sR4SC4jU3SGY1yDro31IStP0iJ P+5mjZLldvkXziuA48YIwvmWaxZFqPGiVqcBHcyChzcSrHisGc8HNcx3S2o2g+2i DhDxO47ci5w= =UKxZ -----END PGP SIGNATURE-----