SSD Advisory – Icewarp, AfterLogic and MailEnable Code Injection

Vulnerabilities Summary
The following advisory describes three (3) vulnerabilities in the IceWarp, AfterLogic and MailEnable webmail products.

The three vulnerabilities found are:

  1. AfterLogic Webmail code injection
  2. IceWarp Webmail code injection
  3. MailEnable Webmail code injection

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor Responses
AfterLogic
AfterLogic has released a patch to address the vulnerability. We have no information on which version addresses it; we believe the latest version of AfterLogic includes patches for the vulnerability.

IceWarp
IceWarp has released a patch to address the vulnerability – version 11.4.0.

MailEnable
We notified MailEnable of the vulnerabilities back in November 2015; repeated attempts to re-establish contact and get an answer on the status of the patches for these vulnerabilities went unanswered. At this time there is no solution or workaround for these vulnerabilities.


SSD Advisory – Cisco MSE Preauthentication Remote Code Execution

Vulnerabilities Summary
Cisco Mobile Services Engine (MSE) is a platform that helps organizations increase visibility into the network, customize location-based mobile services, and strengthen security. The following advisory describes Cisco MSE Pre-Authentication Code Execution (Cisco MSE version 8.0.100.0).

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
The vendor has released Mobility Services Engine patches (November 2015) to address the vulnerabilities; the advisories can be found here and here.


SSD Advisory – DropBear Multiple Vulnerabilities

Vulnerabilities Summary
The following advisory describes four (4) vulnerabilities in DropBear. DropBear is an SSH server and client. It runs on a variety of POSIX-based platforms. DropBear is open source software, distributed under an MIT-style license. DropBear is particularly useful for “embedded”-type Linux (or other Unix) systems, such as wireless routers.

The four vulnerabilities found in DropBear are:

  1. Server-side memory disclosure
  2. Stack buffer overflow
  3. Format string vulnerability
  4. Heap buffer overwrite and arbitrary memory read vulnerabilities

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
The vendor has released DropBear patches (21st of July 2016) to address the vulnerabilities; the advisory can be found at https://matt.ucc.asn.au/dropbear/CHANGES.
