funsec mailing list archives

Cisco Releases Two Security Advisories


From: "Fergie" <fergdawg () netzero net>
Date: Wed, 5 Apr 2006 16:56:11 GMT

Via Cisco:

Cisco Optical Networking System 15000 Series and Cisco Transport Controller Vulnerabilities

Multiple vulnerabilities exist in the Cisco Optical Networking System (ONS) 15310 Multi-service Provisioning Platforms 
(MSPP), ONS 15327 MSPP, ONS 15454 MSPP, ONS 15454 Multi-service Transport Platform (MSTP) and the ONS 15600 MSPP. These 
vulnerabilities will affect Optical nodes that have the Common Control Cards connected to a Data Communications Network 
(DCN) and are enabled for Internet Protocol Version 4 (IP). Successful exploitation of these vulnerabilities will 
result in a denial of service (DoS) of the Common Control Cards.

A separate vulnerability exists within the Cisco Transport Controller (CTC) applet launcher which may allow execution 
of arbitrary code on the CTC workstation. This software is downloaded from the Common Control Cards when a management 
connection is made to the Optical node.

http://www.cisco.com/en/US/products/products_security_advisory09186a0080652714.shtml


Cisco 11500 Content Services Switch HTTP Request Vulnerability

Cisco CSS 11500 Series Content Services Switches configured for Hyper Text Transfer Protocol (HTTP) compression are 
vulnerable to a Denial of Service (DoS) attack when processing valid, but obsolete, or specially crafted HTTP requests.

Cisco has made free software available to address this vulnerability for affected customers. The workaround is to 
disable HTTP compression.

http://www.cisco.com/en/US/products/products_security_advisory09186a0080652714.shtml

- ferg

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

