AlienVault R&D Labs Portal. Get the latest news from our research.
Header

Advisory: Cisco IOS HTTP client DoS

October 18th, 2011 | Posted by jaime.blasco in Advisory | Blog | Vulnerability Management - (1 Comments)

DESCRIPTION:
There is a problem with the HTTP client implementation on Cisco IOS. If an administrator loads an application service via these commands:

router#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)#application
router(config-app)#service name http://ip_address/
router(config-app-param)#end

and the HTTP server responds with a special crafted HTTP response, the device will crash.

AFFECTED VERSIONS:
The vulnerability has been detected in a wide branch of Cisco IOS.

VENDOR RESPONSE:
http://tools.cisco.com/security/center/viewAlert.x?alertId=24436

CREDITS:
Jaime Blasco, Alienvault Labs

jaime.blasco

At AlienVault Jaime manages the Lab and runs the Vulnerability Research Team. Prior to working in the AlienVault lab he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. His background stems from a number of years working in vulnerability management, malware analysis and security researching.

More Posts - Website

Follow Me:
TwitterLinkedIn

, , ,

0-day in Microsoft IIS 5/6 FTP

September 1st, 2009 | Posted by jaime.blasco in Alienvault OSSIM | Attacks | Vulnerability Management - (Comments Off)

A 0-day exploit in Microsoft IIS 5/6 FTP was recently published on Milw0rm while HDMoore is porting the bug to Metasploit.

Alienvault’s feed customers are protected with the directive released today:

  • 45046 :AV Possible 0day IIS FTP Exploit against DST_IP

    • http://isc.sans.org/diary.html?storyid=7039

    UPDATE:

    We have previously coverage with two directives present on Alienvault Professional Feed:

  • 45024: AV Possible FTP Exploit attempt against DST_IP
  • 45025: AV Possible FTP Exploit attempt against DST_IP (FTP preprocessor)

    • jaime.blasco

    At AlienVault Jaime manages the Lab and runs the Vulnerability Research Team. Prior to working in the AlienVault lab he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. His background stems from a number of years working in vulnerability management, malware analysis and security researching.

    More Posts - Website

    Follow Me:
    TwitterLinkedIn

    , , , , ,

    Infocon raised to yellow for Excel Activex vulnerability

    July 14th, 2009 | Posted by jaime.blasco in Alienvault OSSIM | Attacks | Exploits | Vulnerability Management - (Comments Off)

    Microsoft has released an advisory related to Office Web Components Activex. The ISC has raised the Infocon to yellow due to the active exploitation of the vulnerability
    from several .cn domains.

    Alienvault’s feed customers are protected and covered with these directives:

  • 45050: AV Possible Malicious Server exploiting Excel ActiveX Client against DST_IP (CVE-2009-1136)
  • 45051: AV Possible Excel ActiveX Client side attack detected against SRC_IP (CVE-2009-1136)
  • 45052: AV Possible Excel ActiveX Client Side Attack against DST_IP from a compromised host (CVE-2009-1136)

    • http://isc.sans.org/diary.html?storyid=6778

    http://www.microsoft.com/technet/security/advisory/973472.mspx

    jaime.blasco

    At AlienVault Jaime manages the Lab and runs the Vulnerability Research Team. Prior to working in the AlienVault lab he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. His background stems from a number of years working in vulnerability management, malware analysis and security researching.

    More Posts - Website

    Follow Me:
    TwitterLinkedIn

    , , , , ,

    Microsoft Exploitability Index

    October 15th, 2008 | Posted by jaime.blasco in Vulnerability Management - (Comments Off)

    Microsoft has just added a new index to new security bulletins to provide additional information about the potential exploitability of vulnerabilities associated with a Microsoft security update.

    The index classify each vulnerability with the Exploitability Index Assessment that indicate the likelihood of functioning exploit code, the three possible values are:

    • - 1 Consistent exploit code likely
    • - 2 Inconsistent exploit code likely
    • - 3 Functioning exploit code unlikely

    You can find additional information in this document and real examples in the new Microsoft Security Bulletin Summary for October 2008

    jaime.blasco

    At AlienVault Jaime manages the Lab and runs the Vulnerability Research Team. Prior to working in the AlienVault lab he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. His background stems from a number of years working in vulnerability management, malware analysis and security researching.

    More Posts - Website

    Follow Me:
    TwitterLinkedIn

    , ,