This vulnerability was discovered by Lilith (>_>) of Cisco Talos.
The Epee library, which is leveraged by a large number of cryptocurrencies, contains an exploitable code execution vulnerability in the Levin deserialization functionality. An attacker can send a specially crafted network packet to cause a logic flaw, resulting in remote code execution.
In accordance with our coordinated disclosure policy, Cisco Talos has worked with the developers of Monero 'Lithium Luna' to ensure that these issues have been resolved and that an update has been made available for affected users. It is recommended that this update is applied as quickly as possible to ensure that systems are no longer affected by this vulnerability.
Read More »
Attachments
Original document
Permalink
Disclaimer
Cisco Systems Inc. published this content on 25 September 2018 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 25 September 2018 17:33:02 UTC
Cisco Systems, Inc. is the world leader in designing, developing, and marketing Internet network equipment. Net sales break down by family of products and services as follows:
- network equipment (68.9%); switches and routers, technological software and systems (storage, Internet access, and security systems, wiring, gateways, connection interfaces and modules, etc.), etc.;
- services (24.3%): technical assistance, network design, execution, and integration services, etc.;
- security products (6.8%).
Net sales are distributed geographically as follows: Americas (58.7%), Europe/Middle East/Africa (26.6%) and Asia/Pacific (14.7%).