Sunday, 24 January 2010 06:00

KUWAIT CITY, Kuwait, 24 January 2010 - Cisco today announced a series of ongoing initiatives to support Kuwait's education development in the region, including the appointment of the company as an official strategic technology partner for Kuwait's Public Authority for Applied Education & Training (PAAET) and the Kuwait Information Centre. The first phase of the ...

Source: http://newsroom.cisco.com/dlls/2010/prod_012310.html?CMP=AF17154&vs_f=News@Cisco:+Latest+Security+News&vs_p=News@Cisco:+Latest+Security+News&vs_k=1

Saturday, 16 January 2010 05:29

On Tuesday, January 12th, Microsoft released security update MS10-001 - Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270).

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft Office PowerPoint, or Microsoft Office Word. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Microsoft Windows 2000, and is rated Low for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Microsoft ratings for MS10-001:
Maximum Severity Rating - Critical
Impact of Vulnerability - Remote Code Execution

MS10-001 addresses the following CVE:
Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability - CVE-2010-0018
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0018

A remote code execution vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) Font Engine decompresses specially crafted EOT fonts. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who

Source: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=989688&poid=

Friday, 18 December 2009 22:42

NTP (Network Time Protocol) contains a vulnerability in the handling of mode 7 requests, which can result in a denial-of-service condition.

NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time transfers use modes 1 through 5. Upon receipt of an incorrect mode 7 request or a mode 7 error response from an address that is not listed in a "restrict ... noquery" or "restrict ... ignore" segment, ntpd will reply with a mode 7 error response and log a message.

If an attacker spoofs the source address of ntpd host A in a mode 7 response packet sent to ntpd host B, both A and B will continuously send each other error responses, for as long as those packets get through. If an attacker spoofs an address of ntpd host A in a mode 7 response packet sent to ntpd host A, then host A will respond to itself endlessly, consuming CPU and logging excessively.

Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories

For more information: Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region.
Nortel security advisories: http://nortel.com/securityadvisories
Nortel Partner Information Center (PIC) website: http://www.nortelnetworks.com/pic

Source: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=985679&poid=
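
A detection sketch for the two loop conditions the NTP advisory describes, added here as an example and not taken from the advisory or from ntpd itself. It reads the mode field and the mode 7 response flag from the first octet of each UDP/123 payload; the host addresses, the sample packets and the `threshold` parameter are constructed for illustration.

```python
from collections import Counter

MODE_PRIVATE = 7   # mode 7, the mode used by ntpdc
RESP_BIT = 0x80    # top bit of the first octet of a mode 7 packet: response flag

def classify(payload: bytes) -> str:
    """Label one UDP/123 payload by the mode field in its first octet."""
    if not payload:
        return "empty"
    mode = payload[0] & 0x07
    if mode != MODE_PRIVATE:
        return f"mode{mode}"
    return "mode7-response" if payload[0] & RESP_BIT else "mode7-request"

def find_loops(packets, servers, threshold=3):
    """packets: iterable of (src, dst, payload) observed on UDP/123.
    Reports mode 7 responses delivered to hosts that run ntpd."""
    seen = Counter()
    for src, dst, payload in packets:
        if dst in servers and classify(payload) == "mode7-response":
            seen[(src, dst)] += 1
    findings = []
    for (src, dst), n in sorted(seen.items()):
        back = seen.get((dst, src), 0)
        if src == dst:                      # host answering itself
            findings.append(("self-loop", src, dst, n))
        elif n >= threshold and back >= threshold:
            if src < dst:                   # report each pair once
                findings.append(("ping-pong", src, dst, n + back))
        else:                               # a response nobody asked for
            findings.append(("unsolicited-response", src, dst, n))
    return findings

# Constructed sample traffic (documentation address ranges).
A, B, X = "192.0.2.10", "192.0.2.20", "203.0.113.9"
RESP = bytes([0x97]) + bytes(7)     # response bit set, version 2, mode 7
CLIENT = bytes([0x23]) + bytes(47)  # ordinary version 4 client request, mode 3
SERVERS = {A, B}
SAMPLE = ([(A, B, RESP), (B, A, RESP)] * 3 + [(A, A, RESP)] * 2
          + [(X, B, RESP), (X, B, CLIENT)])

if __name__ == "__main__":
    for finding in find_loops(SAMPLE, SERVERS):
        print(finding)
```
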

Tuesday, 15 December 2009 22:40

Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or conduct other web-based attacks.

By convincing a user to view a specially crafted web page, a remote attacker may be able to obtain VPN session tokens and read or modify content (including cookies, script, or HTML content) from any site accessed through the clientless SSL VPN. This effectively eliminates same origin policy restrictions in all browsers. Because all content runs at the privilege level of the web VPN domain, mechanisms to provide domain-based content restrictions, such as Internet Explorer security zones and the Firefox add-on NoScript, may be bypassed. For example, the attacker may be able to capture keystrokes while a user is interacting with a web page. For additional information about impacts, please review CERT Advisory CA-2000-02.

There is no solution to this problem. Depending on their specific configuration and location in the network these devices may be impossible to operate securely. Administrators are encouraged to view the workarounds detailed in the Solutions section of the US-CERT Vulnerability Note for the following:

1. Limit URL rewriting to trusted domains
2. Block the VPN server from accessing untrusted domains
3. Disable URL hiding features

Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories

For more information: Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region.
Nortel security advisories: http://nortel.com/securityadvisories
Nortel Partner Information Center (PIC) website: http://www.nortelnetworks.com/pic

Source: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=984744&poid=
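
Why URL rewriting removes same origin policy separation, and what workaround 1 changes, shown as an added example that is not part of the advisory or of any vendor's product. The gateway name, the `/scheme/host/path` rewriting layout, the allowlist and the sample URLs are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

VPN_HOST = "vpn.example.com"   # hypothetical clientless VPN gateway
TRUSTED = {"intranet.example.com", "mail.example.com"}   # hypothetical allowlist

def origin(url):
    """The tuple a browser compares under the same origin policy."""
    u = urlsplit(url)
    port = u.port or {"http": 80, "https": 443}[u.scheme]
    return (u.scheme, u.hostname, port)

def rewrite(url, allowlist=None):
    """Rewrite a target URL so the browser fetches it via the gateway.
    With an allowlist (workaround 1), other hosts are not rewritten."""
    u = urlsplit(url)
    if allowlist is not None and u.hostname not in allowlist:
        return None
    return f"https://{VPN_HOST}/{u.scheme}/{u.netloc}{u.path or '/'}"

def origins_after_rewrite(urls, allowlist=None):
    """Group the original hosts by the origin the browser sees after rewriting."""
    groups = {}
    for url in urls:
        proxied = rewrite(url, allowlist)
        if proxied is not None:
            groups.setdefault(origin(proxied), []).append(urlsplit(url).hostname)
    return groups

# Constructed sample: two internal sites and one untrusted external page.
URLS = [
    "https://intranet.example.com/payroll",
    "https://mail.example.com/inbox",
    "http://untrusted.example.net/page",
]

if __name__ == "__main__":
    print("direct origins:   ", len({origin(u) for u in URLS}))
    print("rewritten (all):  ", origins_after_rewrite(URLS))
    print("rewritten (allow):", origins_after_rewrite(URLS, TRUSTED))
```

Fetched directly, the three URLs have three distinct origins; once rewritten they all share the gateway's origin, and the allowlist keeps the untrusted page out of that shared origin.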