> Cisco AnyConnect Secure Mobility Client for OS X is affected by a
> vulnerability that allows local attackers to mount arbitrary DMG files
> at arbitrary mount points. By exploiting this vulnerability is is
> possible for the attacker to gain root privileges. Cisco reports that a
> similar issue also exists in Cisco AnyConnect Secure Mobility Client for
> Linux.
>
> ------------------------------------------------------------------------
> See also
> ------------------------------------------------------------------------
> Tested version
> ------------------------------------------------------------------------
> This issue was successfully verified on Cisco AnyConnect Secure Mobility
> Client for OS X version 3.1.08009.
>
> ------------------------------------------------------------------------
> There is currently no fix available. Updates are expected to be released
> on September 30, 2015.
>
> Cisco has released bug ID CSCuv11947 for registered users, which
> contains additional details and an up-to-date list of affected product
> versions.
>
> ------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
Cisco customers with active contracts can obtain updates through the
Software Center at https://software.cisco.com/download/navigator.html.
Cisco has released bug ID CSCuv11947 for registered users, which
contains additional details and an up-to-date list of affected product
versions.
On 23-09-15 19:15, Securify B.V. wrote:
> ------------------------------------------------------------------------
> Cisco AnyConnect elevation of privileges via DMG install script
> ------------------------------------------------------------------------
> Yorick Koster, July 2015
>
> ------------------------------------------------------------------------
> Abstract
> ------------------------------------------------------------------------
> Cisco AnyConnect Secure Mobility Client for OS X is affected by a
> vulnerability that allows local attackers to mount arbitrary DMG files
> at arbitrary mount points. By exploiting this vulnerability is is
> possible for the attacker to gain root privileges. Cisco reports that a
> similar issue also exists in Cisco AnyConnect Secure Mobility Client for
> Linux.
>
> ------------------------------------------------------------------------
> See also
> ------------------------------------------------------------------------
> - CVE-2015-6306
> - http://tools.cisco.com/security/center/viewAlert.x?alertId=41135
>
> ------------------------------------------------------------------------
> Tested version
> ------------------------------------------------------------------------
> This issue was successfully verified on Cisco AnyConnect Secure Mobility
> Client for OS X version 3.1.08009.
>
> ------------------------------------------------------------------------
> Fix
> ------------------------------------------------------------------------
> There is currently no fix available. Updates are expected to be released
> on September 30, 2015.
>
> Cisco has released bug ID CSCuv11947 for registered users, which
> contains additional details and an up-to-date list of affected product
> versions.
>
> ------------------------------------------------------------------------
> Details
> ------------------------------------------------------------------------
> https://www.securify.nl/advisory/SFY20150701/cisco_anyconnect_elevation_
of_privileges_via_dmg_install_script.html
>
[ reply ]