Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability

rwebb at ropeguru.com rwebb at ropeguru.com
Wed Mar 26 16:59:39 UTC 2014


Thanks everyone for the replies. I guess since they are done so 
infrequently, I was not a list member the last go around.

Robert

On Wed, 26 Mar 2014 12:58:44 -0400
  Andrew Latham <lathama at gmail.com> wrote:
> Robert
> 
> Perfectly normal, almost an announce list for issues like this.
> 
> On Wed, Mar 26, 2014 at 12:45 PM, rwebb at ropeguru.com <rwebb at ropeguru.com> wrote:
>>
>> Is this normal for the list to directly get Cisco security advisories or
>> something new? First time I have seen these.
>>
>> Robert
>>
>>
>> On Wed, 26 Mar 2014 12:10:00 -0400
>> Cisco Systems Product Security Incident Response Team <psirt at cisco.com> wrote:
>>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Cisco IOS Software SSL VPN Denial of Service Vulnerability
>>>
>>> Advisory ID: cisco-sa-20140326-ios-sslvpn
>>>
>>> Revision 1.0
>>>
>>> For Public Release 2014 March 26 16:00  UTC (GMT)
>>>
>>> Summary
>>> =======
>>>
>>> A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco
>>> IOS Software could allow an unauthenticated, remote attacker to cause a
>>> denial of service (DoS) condition.
>>>
>>> The vulnerability is due to a failure to process certain types of HTTP
>>> requests. To exploit the vulnerability, an attacker could submit crafted
>>> requests designed to consume memory to an affected device. An exploit could
>>> allow the attacker to consume and fragment memory on the affected device.
>>> This may cause reduced performance, a failure of certain processes, or a
>>> restart of the affected device.
>>>
>>> Cisco has released free software updates that address this vulnerability.
>>> There are no workarounds to mitigate this vulnerability.
>>>
>>> This advisory is available at the following link:
>>>
>>> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn
>>>
>>> Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled
>>> publication includes six Cisco Security Advisories. All advisories address
>>> vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security
>>> Advisory lists the Cisco IOS Software releases that correct the
>>> vulnerability or vulnerabilities detailed in the advisory as well as the
>>> Cisco IOS Software releases that correct all Cisco IOS Software
>>> vulnerabilities in the March 2014 bundled publication.
>>>
>>> Individual publication links are in Cisco Event Response: Semiannual Cisco
>>> IOS Software Security Advisory Bundled Publication at the following link:
>>>
>>> http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
>>> Comment: GPGTools - http://gpgtools.org
>>>
>>> -----END PGP SIGNATURE-----
>>>
>>
>>
> 
> 
> 
> -- 
> ~ Andrew "lathama" Latham lathama at gmail.com http://lathama.net ~




