nanog mailing list archives
Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability
From: "Justin M. Streiner" <streiner () cluebyfour org>
Date: Wed, 26 Mar 2014 10:06:24 -0400 (EDT)
These also get posted to other mailing lists, such as cisco-nsp. jms On Wed, 26 Mar 2014, rwebb () ropeguru com wrote:
Thanks everyone for the replies. I guess since they are done so infrequently, I was not a list member the last go around.Robert On Wed, 26 Mar 2014 12:58:44 -0400 Andrew Latham <lathama () gmail com> wrote:Robert Perfectly normal, almost an announce list for issues like this.On Wed, Mar 26, 2014 at 12:45 PM, rwebb () ropeguru com <rwebb () ropeguru com> wrote: > > Is this normal for the list to diretly get Cisco security advisories or> something new. First time I have seen these.> > Robert > > > On Wed, 26 Mar 2014 12:10:00 -0400> Cisco Systems Product Security Incident Response Team <psirt () cisco com> > wrote:> > > > -----BEGIN PGP SIGNED MESSAGE-----> > Hash: SHA1> > > > Cisco IOS Software SSL VPN Denial of Service Vulnerability > > > > Advisory ID: cisco-sa-20140326-ios-sslvpn > > > > Revision 1.0 > > > > For Public Release 2014 March 26 16:00 UTC (GMT) > > > > Summary> > =======> > > > A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of > > Cisco> > IOS Software could allow an unauthenticated, remote attacker to cause a > > denial of service (DoS) condition.> > > > The vulnerability is due to a failure to process certain types of HTTP > > requests. To exploit the vulnerability, an attacker could submit > > crafted > > requests designed to consume memory to an affected device. An exploit > > could > > allow the attacker to consume and fragment memory on the affected > > device. > > This may cause reduced performance, a failure of certain processes, or > > a> > restart of the affected device.> > > > Cisco has released free software updates that address this > > vulnerability.> > There are no workarounds to mitigate this vulnerability.> > > > This advisory is available at the following link: > > > > http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn > > > > Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled > > publication includes six Cisco Security Advisories. All advisories > > address> > vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security > > Advisory lists the Cisco IOS Software releases that correct the> > vulnerability or vulnerabilities detailed in the advisory as well as > > the> > Cisco IOS Software releases that correct all Cisco IOS Software > > vulnerabilities in the March 2014 bundled publication.> > > > Individual publication links are in Cisco Event Response: Semiannual > > Cisco > > IOS Software Security Advisory Bundled Publication at the following > > link: > > > > http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html> > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG/MacGPG2 v2.0.22 (Darwin) > > Comment: GPGTools - http://gpgtools.org> > > > iQIcBAEBAgAGBQJTMeUtAAoJEIpI1I6i1Mx3BJ4P/Aytcbvaue49DkNDq0G+3C8+> > mv2W8/1HeqSvrmbc8QUJrelPA1kfYXGSf+7VX9lpwTdKKPrMPpkso1WXA7tK2t5i > > uiaqy8+KON/V3uFTjLhSBxZsMmSYws/uO8rV9oY7NLGfv2cwGztEbrKwz9g5Hsfc > > X3TlEgPaX73a/xb92eP//+e31ZNCPw6NRKmUfi6v7YG38WNghT7lqtI7GVlHiAkd > > atAqZ8NOyn7V+lHNjdOpAzFplo6R+GZCBfAFkEYuEU3dAAccMQbkaq6XgZAigycn > > dko3EWzfa+I/4RHDrRIa/XAY6Ogrnp/jmaTm4sGF2aqQOASH7X/oDU4X6KnD6ixo > > RicU1XeEsxgh5/FOf0wWo53BTcf/1nx34LkazZ6k6+jh8193IRWGb9J90E7S+/M8 > > 2jbB8kwxuroH1qQ73jqguiuTC0eemPn2k5MS01ZAfcIEJPcA4OyTkuA/3tiISeYQ > > 0GesrJ3m7WOovFNSIq8v4WaTMcvZO9vHLZ/6BMcd4a+1uPnzPeR9rfI8JA2VA8Wd > > EAjbKdWA/kPxbVop2ajRjYTl7uMN6/g9SFP/eBjWpAFLnUfE6n1b24cn9v26OQpB > > ZxuMKA6eaeoT88KlouxudQcAgtpZZFzp4/ghWCy8q82WhHg4uDqw3R243rRxaBa7 > > RF3x0wYuErbbC7N9m1UH > > =1Ixo > > -----END PGP SIGNATURE-----> > > >-- ~ Andrew "lathama" Latham lathama () gmail com http://lathama.net ~
Current thread:
- Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 26)
- Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability rwebb () ropeguru com (Mar 26)
- Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability james (Mar 26)
- Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability Mikael Abrahamsson (Mar 26)
- Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability Andrew Latham (Mar 26)
- Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability rwebb () ropeguru com (Mar 26)
- Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability Justin M. Streiner (Mar 26)
- Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability kendrick eastes (Mar 27)
- Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability cbr (Mar 27)
- Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability Matt Palmer (Mar 27)
- Message not available
- Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability Larry Sheldon (Mar 27)
- Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability Alexander Neilson (Mar 27)
- Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability Shrdlu (Mar 27)
- Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability Mark Tinka (Mar 27)
- Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability Randy Bush (Mar 27)
- Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability Peter Kristolaitis (Mar 27)
- Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability rwebb () ropeguru com (Mar 26)
- Message not available
- Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability Larry Sheldon (Mar 27)