June 25th, 2008:

Wide Area Application Services (WAAS) Common UNIX Printing System (CUPS) Vulnerability

This is the Cisco PSIRT response to a security advisory regarding a vulnerability in Common UNIX Printing System (CUPS). The CUPS security advisory can be found at http://www.cups.org/str.php?L2561.

URL: http://www.cisco.com/en/US/products/products_security_response09186a00809a1f11.html

Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities

Cisco Unified Communications Manager (CUCM), formerly Cisco CallManager, contains a denial of service (DoS) vulnerability in the Computer Telephony Integration (CTI) Manager service that may cause an interruption in voice services and an authentication bypass vulnerability in the Real-Time Information Server (RIS) Data Collector that may expose information that is useful for reconnaissance.

URL: http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml

Microsoft Security Advisory (954462): Rise in SQL Injection Attacks Exploiting Unverified User Data Input – 6/25/2008

Revision Note: June 25, 2008: Removed erroneous references to form field and cookie value testing from the HP Scrawlr tool description.

Advisory Summary: Microsoft is aware of a recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET technologies but do not follow best practices for secure Web application development. These SQL injection attacks do not exploit a specific software vulnerability, but instead target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. When a SQL injection attack succeeds, an attacker can compromise data stored in these databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded unknowingly to malicious sites that may install malware on the client machine.

URL: http://www.microsoft.com/technet/security/advisory/954462.mspx