Mailing List Archive: NANOG: users

WebEx

Index | Next | Previous | View Threaded

Jon.Kibler at aset

Aug 15, 2008, 6:55 AM

Post #1 of 2 (214 views)
Permalink

WebEx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yesterday, Cisco announced a critical vulnerability in WebEx:
http://www.cisco.com/warp/public/707/cisco-sa-20080814-webex.shtml

The interesting thing about this vulnerability is that you can clean up
all of your WebEx installs, but as soon as you create a session with a
WebEx server that has not been upgraded, you are once again vulnerable.
In other words, you are at the mercy of your WebEx presenter.

BTW, despite the fact that Cisco says exploits are available, there is
not the first mention of this vulnerability on the WebEx web site.

Jon Kibler
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiliucACgkQUVxQRc85QlMpJgCgiCPz+nXKOFrVsWkI/7o0HnHI
OhAAnRVH6X9IU3+oc/TRnDrFOqAkadmo
=aulb
-----END PGP SIGNATURE-----

==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.

Jon.Kibler at aset

Aug 15, 2008, 9:17 AM

Post #2 of 2 (190 views)
Permalink

Re: WebEx [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jon Kibler wrote:
> BTW, despite the fact that Cisco says exploits are available, there is
> not the first mention of this vulnerability on the WebEx web site.

I really hate to reply to my own postings, but in this case I will make
an exception.

I just got an email from a Cisco PSIRT manager who said that they were
working with WebEx to address the issue that WebEx does not have an
announcement of the vulnerability on its web site, and Cisco will try to
ensure a similar omission does not happen again.

I am glad to see that Cisco is headed on the right track!

Jon
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkilrAQACgkQUVxQRc85QlPyAACdFx63Q4MaOpKYBch8SqiS9ToD
jQIAniwFX/qsbWMvzdTuZxfn0IWVdWge
=0mWf
-----END PGP SIGNATURE-----

==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads