[c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability
adrian.minta at gmail.com
Thu Feb 11 13:53:15 UTC 2016
Be careful, it appears that something is broken with ARP on this release.
We have no ARP on the LAN interface, and somebody else has a similar problem:
On Wed, Feb 10, 2016 at 10:36 PM, Sadiq Saif <lists at sadiqs.com> wrote:
> Update your ASAs folks, this is a critical one.
> -------- Forwarded Message --------
> Subject: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and
> IKEv2 Buffer Overflow Vulnerability
> Date: Wed, 10 Feb 2016 08:06:51 -0800
> From: Cisco Systems Product Security Incident Response Team
> <psirt at cisco.com>
> Reply-To: psirt at cisco.com
> To: cisco-nsp at puck.nether.net
> CC: psirt at cisco.com
> Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer
> Overflow Vulnerability
> Advisory ID: cisco-sa-20160210-asa-ike
> Revision 1.0
> For Public Release 2016 February 10 16:00 GMT (UTC)
> A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and
> IKE version 2 (v2) code of Cisco ASA Software could allow an
> unauthenticated, remote attacker to cause a reload of the affected
> system or to remotely execute code.
> The vulnerability is due to a buffer overflow in the affected code area.
> An attacker could exploit this vulnerability by sending crafted UDP
> packets to the affected system. An exploit could allow the attacker to
> execute arbitrary code and obtain full control of the system or to cause
> a reload of the affected system.
> Note: Only traffic directed to the affected system can be used to
> exploit this vulnerability. This vulnerability affects systems
> configured in routed firewall mode only and in single or multiple
> context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic.
> Cisco has released software updates that address this vulnerability.
> This advisory is available at the following link:
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> archive at http://puck.nether.net/pipermail/cisco-nsp/