Your feedback makes our bulletin better! Please tell us what you love and what you would change at ips-news@cisco.com.
Visit the Cisco Event Response for more information, analysis, and guidance on this month's Microsoft Security Bulletin Release.
Important Notes
Signature Update version S550 introduced a bad value for one of the signature 23899.0 parameters in addition to retiring and disabling it. This bad parameter was included in signature updates 500-553, 555-559 and 7.0(5). See CSCtn84552.
Because this signature was retired and disabled, the bad parameter does not affect the functionality of the sensor.
Updating to S567 will resolve the problem. Signature 23899.0 has been retired, disabled and obsoleted.
After installing S567, verify that the sensor is seeing traffic by viewing the virtual sensor statistics. There is one condition when the sensor requires a reboot after the update is applied. (If you have modified 23899.0 prior to upgrading to S550 and upgraded to 7.0(5) when at signature update level S557 or less, you must reset the sensor after installing S567.)
If you installed one of the affected updates listed above and then modified 23899.0, you must restore 23899.0 to its default settings before updating to S567. (Note: if you attempt to install 567 prior to resetting 23899.0 to its defaults, the update will fail. If you are using CSM, you must revert the update on the sensor where the update failed prior to resetting 23899.0 to its defaults and then you can install S567.)
Release S591 - August 26, 2011
Release Summary
52 Retired Signatures
New Vulnerability and Exploit Protections
Cisco Digital Media Manager User Credential Information Disclosure Vulnerability
Vulnerability Disclosed: 3/3/2010, CVSS Base: 7.1, Temporal: 5.9
Cisco Digital Media Manager versions prior to 5.2 contain a vulnerability that could allow an authenticated, remote attacker to view sensitive information.
This vulnerability is due to unsafe handling of user credentials. An authenticated, remote attacker could exploit this vulnerability by viewing error logs or in-use memory that may contain stored user credentials. If successful, the attacker could obtain usernames and passwords of other system users.
Cisco has confirmed this vulnerability in a security advisory and released updated software.
More Details: CVE-2010-0572 Cisco PSIRT: 111578 : cisco-sa-20100303-dmm
Opera file: URL Buffer Overflow Vulnerability
Vulnerability Disclosed: 11/20/2008, CVSS Base: 9.3, Temporal: 6.9
Opera versions 9.62 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code.
The vulnerability is due to an input validation error when processing file: URLs. An attacker could cause a buffer overflow by launching a malicious file: URL from a local file on the user's system. Alternatively, the attacker could convince a user to manually enter the malicious URL. The buffer overflow could cause a DoS condition or allow the attacker to execute arbitrary code.
Opera has confirmed the vulnerability and released updated software.
Apache Range Retrieval Request Processing Denial of Service Vulnerability
Vulnerability Disclosed: 1/4/2007
Apache HTTP Server contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability exists because the affected software incorrectly processes a Range Retrieval Request header received via an HTTP request. Due to the flaw, on receiving a request with a 0-byte range or overlapping byte ranges, the affected software erroneously allocates a bucket for each byte requested and stores them in a brigade.
An unauthenticated, remote attacker could exploit this vulnerability by submitting HTTP requests to the targeted system. Processing such requests could result in excessive memory consumption to process a large number of buckets, leading to a DoS condition.
Proof-of-concept code that exploits this vulnerability is publicly available.
Administrators are advised to contact the vendor regarding future updates and releases. Until updates can be applied, administrators are advised to configure connection throttling or filtering of repetitive, abusive connection requests.
Apache has not confirmed the vulnerability and updated software is not available.
Retired Signatures
* Inline sensor with Event Action Override set to "deny-packet-inline" at Risk Rating 90 (Cisco default configuration)
Sensor Update Information
Signature Updates
Signature updates may be downloaded automatically by Cisco Security Manager (CSM), IPS Manager Express (IME) and Cisco Security Monitoring, Analysis, and Response System (CS-MARS). The following links are for manual downloads.
Sensor Appliance Updates
IPS 4200-series sensors, IDSM2 Catalyst module, AIM-IPS module, ASA-AIP IPS modules
IOS IPS Updates
IOS IPS in Mainline and T-Train Releases prior to 12.4(11)T (Includes NEW Basic and Advanced Set)
IOS IPS in 12.4(11)T or later T-Train
Cisco.com FTP Access Change
From October 2010, Cisco will no longer distribute software that requires a contract or login credentials via ftp.cisco.com. Most IPS users will not be affected; only sensors that were manually configured to download from ftp.cisco.com are.
IPS software and signature updates will continue to be available from Cisco.com. These can be retrieved using the built-in authenticated download capabilities in the IDM, IME, MARS and CSM management and monitoring applications or manually from the Software Download area on Cisco.com. Please see the FAQ for more information on manually downloading updates from the Software Download area.
Please direct any questions or concerns regarding this change to ftp_download_feedback@cisco.com.
Security Research Library
Increase your knowledge of today's vulnerabilities, tomorrow's threats, and the technology necessary to keep up.
Cisco Security Intelligence Operations
Comprehensive threat intelligence, analysis, and defense to help inform and protect organizations.
Cyber Risk Reports
Weekly strategic intelligence product that highlights current security activity and mid- to long-range perspectives, also available as a podcast.
Cisco IntelliShield Alerts
Up-to-the-minute, actionable intelligence, in-depth vulnerability analysis, and highly reliable threat validation to assist in proactive prevention.
Cisco Applied Mitigation Bulletins
Techniques that use Cisco product abilities to detect and mitigate the most important security events and vulnerabilities.
Virus Watch
Current virus trends from SenderBase
Spam Watch
Current spam trends from SenderBase
Security Multimedia Library
Podcasts, video datasheets, webcasts and videos with solutions for today's problems.
Cisco Security Intelligence Operations Best Practices
Guidance on specific technologies and problem sets to help organizations secure business applications and processes by identifying, preventing, and adapting to threats.
Cisco Security Services
Professional services to support your Self-Defending Network.
Cisco Security Solutions
Discover the breadth of Cisco solutions available to solve your organization's security issues.
Cisco Security Blog
Collaborate with the Cisco Security Community and gain insights into emerging security threats, trends, and best practices.
This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document or materials linked from the document is at your own risk. Cisco reserves the right to change or update this document at any time.
© 1992-2011 Cisco Systems Inc. All rights reserved.