nanog mailing list archives
Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability
From: cbr <list () mass-distortion net>
Date: Thu, 27 Mar 2014 09:02:17 -0600
For anyone who was subscribed to the old full-disclosure list ... Fyodor of nmap has brought it back to life.

Infolink @ http://insecure.org/news/fulldisclosure/
Subscribe @ http://nmap.org/mailman/listinfo/fulldisclosure

On Mar 26, 2014, at 10:52 AM, kendrick eastes <keastes () gmail com> wrote:
The Full-disclosure mailing list was recently... retired, I guess Cisco thought NANOG was the next best place.

On Wed, Mar 26, 2014 at 10:45 AM, rwebb () ropeguru com <rwebb () ropeguru com> wrote:

Is this normal for the list to directly get Cisco security advisories or something new? First time I have seen these.

Robert

On Wed, 26 Mar 2014 12:10:00 -0400 Cisco Systems Product Security Incident Response Team <psirt () cisco com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco IOS Software SSL VPN Denial of Service Vulnerability

Advisory ID: cisco-sa-20140326-ios-sslvpn

Revision 1.0

For Public Release 2014 March 26 16:00 UTC (GMT)

Summary
=======

A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to a failure to process certain types of HTTP requests. To exploit the vulnerability, an attacker could submit crafted requests designed to consume memory to an affected device. An exploit could allow the attacker to consume and fragment memory on the affected device. This may cause reduced performance, a failure of certain processes, or a restart of the affected device.

Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn

Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2014 bundled publication.
Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail