-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yesterday, Cisco announced a critical vulnerability in WebEx: http://www.cisco.com/warp/public/707/cisco-sa-20080814-webex.shtml The interesting thing about this vulnerability is that you can clean up all of your WebEx installs, but as soon as you create a session with a WebEx server that has not been upgraded, you are once again vulnerable. In other words, you are at the mercy of your WebEx presenter. BTW, despite the fact that Cisco says exploits are available, there is not the first mention of this vulnerability on the WebEx web site. Jon Kibler - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-224-2494 s: 843-564-4224 My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiliucACgkQUVxQRc85QlMpJgCgiCPz+nXKOFrVsWkI/7o0HnHI OhAAnRVH6X9IU3+oc/TRnDrFOqAkadmo =aulb -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jon Kibler wrote:
BTW, despite the fact that Cisco says exploits are available, there is not the first mention of this vulnerability on the WebEx web site.
I really hate to reply to my own postings, but in this case I will make an exception. I just got an email from a Cisco PSIRT manager who said that they were working with WebEx to address the issue that WebEx does not have an announcement of the vulnerability on its web site, and Cisco will try to ensure a similar omission does not happen again. I am glad to see that Cisco is headed on the right track! Jon - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-224-2494 s: 843-564-4224 My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkilrAQACgkQUVxQRc85QlPyAACdFx63Q4MaOpKYBch8SqiS9ToD jQIAniwFX/qsbWMvzdTuZxfn0IWVdWge =0mWf -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
participants (1)
-
Jon Kibler