Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Open Office WMF Heap Overflow Patch available.

Published: 2007-01-04
Last Updated: 2007-01-04 16:20:21 UTC
by Chris Carboni (Version: 1)
0 comment(s)
Juha-Matti alerted us to the availability of the patch for the Open Office WMF Heap Overflow reported here.

The vulnerability involves an overflow in the processor for WMF and EMF files that could cause arbitrary code to be executed if a victim opens a specially crafted WMF/EMF file.

According to Red Hat this is under review as CVE-2006-5870.

Keywords:
0 comment(s)

Multiple Vulnerabilities in Cisco Clean Access

Published: 2007-01-04
Last Updated: 2007-01-04 14:37:01 UTC
by Chris Carboni (Version: 1)
0 comment(s)
Fellow handler Jim Clausing (thanks Jim) let us know about new vulnerabilities in Cisco Clean Access (CCA).

Summary

Cisco Clean Access (CCA) is a software solution that can automatically detect, isolate, and clean infected or vulnerable devices that attempt to access your network. It consists of Cisco Clean Access Manager (CAM) and Cisco Clean Access Server (CAS) devices that work in tandem.

Cisco Clean Access is affected by the following vulnerabilities:

  • Unchangeable shared secret
  • Readable snapshot files
The full advisory is available here


Keywords:
0 comment(s)
Diary Archives