Site Archives Advisory
12 New Cisco Patches
GSA Reference Number: AD080926-01
Simply Put: Cisco has announced twelve vulnerabilities in multiple Cisco products. The vulnerabilities range from denial of service to, on some systems, remote exploitation. If exploited, the denial of service issues will cause the device to reload. Remote exploitation only affects the Cisco uBR10012 model devices. For a comprehensive list of affected IOS versions, refer to the Cisco article linked below. Gladiator will be reviewing all monitored client Cisco devices to determine what IOS version they are running. If a device is out of date, it will be updated.
Cisco Advisories – VPN and SIP vulnerabilities
GSA Reference Number: AD080903-01
Simply Put: Cisco has announced five vulnerabilities in its Cisco ASA 5500 and PIX devices. The vulnerabilities involve denial of service to the device or information disclosure. If exploited, the denial of service issues will cause the device to reload. For a comprehensive list of affected IOS versions, refer to the Cisco article linked below. Gladiator will be reviewing all client Cisco devices to determine what IOS version they are running. If a device is out of date, it will be updated starting this weekend.
BlackBerry Enterprise PDF Processing Vulnerability
GSA Reference Number: AD080717-01
Simply Put: BlackBerry Enterprise Server has a new vulnerability in its attachment processing engine. Basically, if an attacker attaches a maliciously formatted PDF file to an email and sends it to a BlackBerry user, the server processing the attachment could become compromised. The BlackBerry user would have to view the email attachment on his phone to trigger the attack. This is a vulnerability in the BlackBerry server and not BlackBerry phones. If this attack is successful, arbitrary code could be run on the Enterprise Server.
Multi-Vendor DNS Spoofing Vulnerability
GSA Reference Number: AD080709-01
Simply Put: Recently, multiple vendors have released patches to address a vulnerability in the DNS protocol. DNS is used for resolving host names and web addresses to IP addresses on the Internet. DNS servers will send out queries to other DNS servers when they receive a request for a host not stored in their database. When that happens, an attacker can respond to the request with a specially crafted packet with a malicious IP address. Since DNS takes the first response, this IP address will be written to its database and served to the users. Consequently, if a user tries to go to a website they might be redirected to a malicious website instead.
Microsoft Access Snapshot Viewer ActiveX Vulnerability
GSA Reference Number: AD080708-01
Simply Put: Microsoft Access, as included with Microsoft Office 2000 through 2003, including Office XP, is vulnerable to remote exploitation through Internet Explorer. If a user with MS Access installed browses to a malicious website, arbitrary files could be copied to the user’s machine. The vulnerability can be used to run malicious code on a user’s machine without notification or permission. Gladiator feels this issue is extremely critical.
Adobe Flash Player Zero-Day Vulnerability
GSA Reference Number: AD080528-01
Simply Put: Adobe’s Flash Player has a new, zero-day vulnerability. Zero-day means the vulnerability is being actively exploited on the internet and there is not a patch available. Adobe Flash Player is used to display Flash files (.swf) in web pages – these files are normally seen as movies or animations. The vulnerability can be used to run malicious code on a user’s machine without notification or permission. Gladiator feels this issue is extremely critical.
Economic Stimulus Refund IRS Phishing Advisory
GSA Reference Number: AD080512-01
Simply Put: A new phishing scam is currently making its way around the internet. Phishers are sending out email which appears to come from the IRS with information on your 2008 Economic Stimulus Refund. The email requests that you fill out an online form with your personal information so the check can be directly deposited in your bank account. The link to the form is included in the email. This email is not from the IRS, and is designed to steal a person’s identity.