Search:Vulnerability:23.10.2008 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Cisco PIX / ASA multiple security vulnerabilities
Published: 23.10.2008
Source: BUGTRAQ
SecurityVulns ID: 9377
Type: remote
Level: 6/10
Description: Windows NT domain authentication bypass, IPv6 DoS, DoS because of memory leak in crypto accelerator

Affected: CISCO : PIX 7.0
CISCO : PIX 7.1
CISCO : PIX 7.2
CISCO : PIX 8.0
CISCO : PIX 8.1
CVE: CVE-2008-3817 (Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets, related to the "initialization code for the hardware crypto accelerator.")
CVE-2008-3816 (Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload) via a crafted IPv6 packet.)
CVE-2008-3815 (Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors.)

Original document CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA (23.10.2008)

Discuss: Read or add your comments to this news (0 comments)

Symantec Veritas Storage Foundation unauthorized access
updated since 23.10.2008
Published: 26.10.2008
Source: BUGTRAQ
SecurityVulns ID: 9376
Type: local
Level: 5/10
Description: qioadmin utility allows local files read access. qiomkfile allows memory content reading.

Affected: SYMANTEC : Veritas Storage Foundation 5.0
CVE: CVE-2008-4638 (qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message.)
CVE-2008-3248 (qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating and then reading files.)

Original document Security Objectives Corporation, SECOBJADV-2008-04: Symantec Veritas Storage Foundation Memory Disclosure Vulnerability (26.10.2008)

Security Objectives Corporation, SECOBJADV-2008-05: Symantec Veritas Storage Foundation Arbitrary File Read Vulnerability (23.10.2008)

Discuss: Read or add your comments to this news (0 comments)

test server