Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability
james at jamesstewartsmith.com
Wed Mar 26 16:51:55 UTC 2014
They don't come out often but it happens. Looks like there were 5 or 6 of them.
James
-----Original Message-----
From: "rwebb at ropeguru.com" <rwebb at ropeguru.com>
Date: Wed, 26 Mar 2014 12:45:18
To: <psirt at cisco.com>; <nanog at nanog.org>
Reply-To: Robert Webb <rwebb at ropeguru.com>
Subject: Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial
of Service Vulnerability
Is this normal for the list to directly get Cisco security advisories
or something new? First time I have seen these.
Robert
On Wed, 26 Mar 2014 12:10:00 -0400
Cisco Systems Product Security Incident Response Team
<psirt at cisco.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Cisco IOS Software SSL VPN Denial of Service Vulnerability
>
> Advisory ID: cisco-sa-20140326-ios-sslvpn
>
> Revision 1.0
>
>For Public Release 2014 March 26 16:00 UTC (GMT)
>
> Summary
> =======
>
> A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of
>Cisco IOS Software could allow an unauthenticated, remote attacker to
>cause a denial of service (DoS) condition.
>
> The vulnerability is due to a failure to process certain types of
>HTTP requests. To exploit the vulnerability, an attacker could submit
>crafted requests designed to consume memory to an affected device. An
>exploit could allow the attacker to consume and fragment memory on
>the affected device. This may cause reduced performance, a failure of
>certain processes, or a restart of the affected device.
>
> Cisco has released free software updates that address this
>vulnerability.
> There are no workarounds to mitigate this vulnerability.
>
> This advisory is available at the following link:
> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn
>
> Note: The March 26, 2014, Cisco IOS Software Security Advisory
>bundled publication includes six Cisco Security Advisories. All
>advisories address vulnerabilities in Cisco IOS Software. Each Cisco
>IOS Software Security Advisory lists the Cisco IOS Software releases
>that correct the vulnerability or vulnerabilities detailed in the
>advisory as well as the Cisco IOS Software releases that correct all
>Cisco IOS Software vulnerabilities in the March 2014 bundled
>publication.
>
> Individual publication links are in Cisco Event Response: Semiannual
>Cisco IOS Software Security Advisory Bundled Publication at the
>following link:
>
> http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html