Cisco Blogs



Linux Kernel Zero-Day Privilege Escalation Vulnerability CVE-2016-0728

On January 20, 2016, a new Linux Kernel zero-day vulnerability (CVE-2016-0728) was disclosed by Perception Point. The vulnerability has the potential to allow attackers to gain root on affected devices by running a malicious Android or Linux application.

Our investigation is ongoing; however, at this time we have not identified any Cisco products as exploitable. Should this change, we will publish a Security Advisory on the Cisco Security Portal.


Respecting Privacy, Safeguarding Data and Enabling Trust

Data Privacy Day is January 28, and this year’s theme examines issues around respecting privacy, protecting data and enabling trust. Today more than ever, any global company is a digitized company, which means that every company is grappling with challenges around privacy, security and trust. As a result, these challenges are no longer an IT-only responsibility and now must be addressed by everyone: vendor, customer, partner, board member and end-user alike.

While many security and privacy trends facing global companies today may appear to start out as local, some quickly become global. As many industry observers know, a significant number of these trends are starting in Europe.

For example, the Global Data Protection Regulation announced in October 2015 is one of the biggest legal developments in data privacy and security in the past 20 years. While the law still has to go through the parliamentary process in Europe, it is expected to be a game changer for how privacy is protected legally worldwide. This law is introducing new notions about both how citizens think about their data and how companies are obligated to protect it.


Bypassing MiniUPnP Stack Smashing Protection

This post was authored by Aleksandar Nikolic, Warren Mercer, and Jaeson Schultz.

Summary

MiniUPnP is commonly used to allow two devices which are behind NAT firewalls to communicate with each other by opening connections in each of the firewalls, commonly known as “hole punching”. Various software implementations of this technique enable various peer-to-peer software applications, such as Tor and cryptocurrency miners and wallets, to operate on the network.

In 2015 Talos identified and reported a buffer overflow vulnerability in the client-side code of the popular MiniUPnP library. The vulnerability was promptly fixed by the vendor and was assigned TALOS-CAN-0035 as well as CVE-2015-6031. Martin Zeiser and Aleksandar Nikolic subsequently gave a talk at PacSec 2015 (“Universal Pwn n Play”) about the client-side attack surface of UPnP, and this vulnerability was part of it.

Talos has developed a working exploit against Bitcoin-qt wallet which utilizes this library. The exploit developed by Talos includes a Stack Smashing Protection (SSP) bypass, the details of which we will discuss here.

The Vulnerability

The vulnerability lies in the XML parser code of the MiniUPnP library in the IGDstartelt function:

Vulnerable XML parser code of the MiniUPnP library


IGDdatas struct definition


Where is my (intermediate) TLS certificate?

When dealing with TLS connections, it is important to understand how a client (in most cases a web browser) behaves. Let’s quickly check some of the steps that happen when a TLS connection is made.

A web server sends its certificate to the requesting client during the TLS handshake. Usually this is not a single certificate but a complete chain of certificates.
There is the server certificate, in many cases an intermediate CA certificate, and finally a Root CA.
When you check your browser this will look like this:

Link Arms Against the Attackers: Observations from the 2016 Cisco ASR

Remember 2007, when the underground economy began to flourish, using simple protocols and static subnet ranges to control their infrastructure? That was the same year Cisco published the first Annual Security Report (ASR). Nine years later, the drumbeat of cyberthreats grows louder, but the actors and threats are familiar, just as John reminded us when this year’s report was released.
