July 30th, 2009 . by DarkFiber Consulting
Cisco has released a security advisory to address multiple vulnerabilities in Wireless LAN Controllers. The advisory addresses the following:
- Malformed HTTP or HTTPS authentication response denial-of-service vulnerability.
- SSH connections denial-of-service vulnerability.
- Crafted HTTP or HTTPS request denial-of-service vulnerability.
- Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability.
Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or gain full control over the Wireless LAN Controller.
DarkFiber Consulting encourages users and administrators to review Cisco Security Advisory cisco-sa-20090727-wlc and apply any necessary updates or workarounds to help mitigate the risks.
Posted in Security Alerts | No Comments »
Tagged With: Address • Addresses • Attacker • Authentication • Cisco • Cisco Security Advisory • Cisco Wireless • Control • Denial Of Service • Full Control • Lan Controller • Lan Controllers • Necessary Updates • Service Vulnerability • Vulnerabilities • Vulnerability Exploitation • Wireless Lan • Wlc • Workarounds
September 19th, 2008 . by DarkFiber Consulting
VMware has released a Security Advisory indicating it has updated the ESXi and ESX 3.5 packages to address a vulnerability in “openwsman”. This vulnerability is due to several buffer overflow conditions in the handling of HTTP basic authentication headers. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on the host running ESXi or ESX.
DarkFiber Consulting encourages users and administrators to review VMware Security Advisory VMSA-0008-0015 and apply any necessary updates to help mitigate the risks.
Posted in Security Alerts | No Comments »
Tagged With: Arbitrary Code • Attacker • Authentication • Buffer Overflow • Necessary Updates • Overflow Conditions • Security Advisory • Vmware • Vulnerability