Cisco Vulns, OS X DoS, SWFIntruder

A cross-site scripting (XSS) vulnerability has been found in CiscoWorks. The XSS is present in the initial login page. Attackers could use this to steal cookies or execute arbitrary HTML or script code in a remote user's browser. CiscoWorks versions 2.6 and prior are vulnerable, and Cisco has released a patch for this issue.

The Cisco 7940 SIP Phone is vulnerable to an interesting denial of service. Sending malformed SIP INVITE messages to a 7940 phone can cause the device to reboot or enter a DoS condition. If INVITE packets are then sent at certain intervals, the DoS condition will persist. The phone will appear to be working, in that it continues to send REGISTER commands to the server, but it will ring busy on incoming calls and return busy on any calls made by the user. There was no patch or update listed with the advisory.

Cisco Security Agent (CSA) for Windows and Cisco Security Manager are vulnerable to a remote buffer overflow attack. This can be exploited by sending a specially crafted TCP message to port 139 or 445 on a system running the CSA. This could result in a stop error (blue screen) or remote code execution. Cisco has released a free software update to address this vulnerability.

Exploit code has been released for two denial of service vulnerabilities in Mac OS X. The first is in vpnd and has been tested on Apple Mac OS X 10.5.0. The second is a local DoS in the kernel. It has been tested on Apple Mac OS X 10.4 (xnu-792.22.5~1/RELEASE_I386), Apple Mac OS X 10.5.1 (xnu-1228.0.2~1/RELEASE_I386) and Apple Mac OS X 10.5.1 (xnu-1228.0.2~1/RELEASE_PPC).

WabiSabi Labs (the online exploit auction group) reportedly has a QuickTime vulnerability that could result in remote code execution and that is different from the one we mention in “QuickTime 7.2/7.3 RTSP Exploits” (https://stateofsecurity.com/?p=162). We have no way to accurately verify this information, though.

A new tool was released yesterday. The tool, SWFIntruder, is “the first tool specifically developed for analyzing and testing security of Flash applications at runtime.” [1] This looks to be a powerful tool to test Flash implementations for the presence of XSS or XSF issues in a semi-automated manner. If you are responsible for testing web applications, this may be a tool you’ll want to have a look at.

1. https://www.owasp.org/index.php/Category:SWFIntruder