VARIoT IoT vulnerabilities database
| VAR-201101-0314 | CVE-2010-4670 |
Cisco ASA 5500 Series IPv6 of ND Service disruption in protocol implementation (DoS) Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201101-0731 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier, and Cisco PIX Security Appliances devices, allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti24526. The problem is Bug ID CSCti24526 It is a problem.A large amount of different source addresses by a third party RA Interfering with service operation by sending a message (CPU Resource consumption and device hangs ) There is a possibility of being put into a state. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. Multiple vendors' products are prone to an IPv6-related denial-of-service vulnerability.
A remote attacker can exploit this issue to make affected computers and devices unresponsive, denying service to legitimate users. This security advisory is released because Microsoft doesnt want to fix
the issue. Cisco did for its IOS and ASA within 3 months.
________________________________________________________________________
Title: ICMPv6 Router Announcement flooding denial of service affecting
multiple systems
Date: 05 April 2011
URL: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt
________________________________________________________________________
Vendors: Cisco, Juniper, Microsoft, FreeBSD
Affected Products: All Cisco IOS ASA with firmware < November 2010
All Netscreen versions
All Windows versions
All FreeBSD version
Vulnerability: ICMPv6 Router Announcement flooding denial of service
Severity: 7.8 (CVE CVSS Score), local network
CVEs: CVE-2010-4670, CVE-2010-4671, CVE-2010-4669
________________________________________________________________________
Update Section:
05 April 2011
Initial release
________________________________________________________________________
Overview:
When flooding the local network with random router advertisements,
hosts and routers update the network information, consuming all
available CPU resources, making the systems unusable and unresponsive.
As IPv6 and autoconfiguration are enabled by default, all are
affected in their default configuration.
For Windows, a personal firewall or similar security product does not
protect against this attack.
Note: Microsoft does not want to fix this security issue for their
products.
Impact:
Updating the routing tables and configuring IPv6 addresses take up
all available CPU resources.
Routers and firewalls do not forward traffic.
The denial of service is in affect until the flooding is terminated.
The exact impact differs from the affected system type:
Cisco: 100% traffic loss with autconfiguration active, 80% without.
Netscreen: Only affected when the interface is configured as host, traffic
is forwarded until the neighbor information times out, then the traffic
is lost
Windows: 100% CPU, 100% RAM
FreeBSD: 100% CPU, additionally IPv6 support can be lost until reboot
occasionally.
Old Linux kernels are also affected, detailed version information unknown.
Description:
On IPv6 networks, hosts automatically find out about available
routers via ICMPv6 router announcements which are sent by the
routers. Additionally, router announcemens are used to replace
DHCP by the so called autoconfiguration feature.
Windows and FreeBSD - like all modern operating systems - enable
IPv6 and autoconfiguration by default and are thereby vulnerable.
A personal firewall will not protect against this attack.
If a system receives a router announcement of a new router, it
updates its routing table with the new router, and if the
autoconfiguration flag is set on the announcement (and the host
is configured to configure its IPv6 address by this mechanism),
the host chooses an IPv6 address from the announced network space.
If a network is flooded with random router announcements, systems
scramble to update their routing tables and configure IPv6
addresses.
Exploit:
Flood the network with router advertisements coming from different
routers and announcing different network prefixes.
A tool to test for this vulnerability is included in the thc-ipv6
package, called flood_router6.
Solution:
Cisco: IOS fix CSCti24526 , ASA fix CSCti33534
Linux: fixed prior 2010
Netscreen: Juniper waiting for IETF results for how to fix the issue
FreeBSD: unknown
Windows: Microsoft made clear that they do not plan to issue a
fix for this security issue.
Workaround:
The procession of router announcements must be disabled.
Please consult your system manual on how to this for your
affected platform.
Alternatively, disable IPv6.
________________________________________________________________________
Vendor communication:
10 July 2010 Microsoft informed
10 July 2010 Cisco informed
01 August 2010 Cisco confirms problem, announces fix for October
12 August 2010 Microsoft confirms vulnerability, states no fix
will be supplied.
22 November 2010 Cisco confirms fixes are available and started to
be deployed in current firmwares
28 December 2010 vendor-sec informed (among other issues)
05 February 2011 FreeBSD informed (made aware via vendor-sec 5 weeks
before)
20 February 2011 Juniper informed
09 March 2011 Juniper confirms problem
01 April 2011 Juniper informs that they work with the IETF to
develop a standard method to cope with this and
similar attacks.
________________________________________________________________________
Contact:
Marc Heuse
mh@mh-sec.de
http://www.mh-sec.de
________________________________________________________________________
The information provided is released "as is" without warranty of
any kind. The publisher disclaims all warranties, either express or
implied, including all warranties of merchantability.
No responsibility is taken for the correctness of this information.
In no event shall the publisher be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of
business profits or special damages, even if the publisher has been
advised of the possibility of such damages.
The contents of this advisory is copyright (c) 2010,2011 by Marc Heuse
and may be distributed freely provided that no fee is charged for
the distribution and proper credit is given.
________________________________________________________________________
--
Marc Heuse
www.mh-sec.de
PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A
| VAR-201101-0315 | CVE-2010-4671 |
Cisco IOS of Neighbor Discovery Service disruption in protocol implementation (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201101-0731 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534. Cisco IOS of IPv6 In the stack Neighbor Discovery Protocol implementation includes service disruption (DoS) There is a vulnerability that becomes a condition. Multiple vendors' products are prone to an IPv6-related denial-of-service vulnerability.
A remote attacker can exploit this issue to make affected computers and devices unresponsive, denying service to legitimate users. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. This security advisory is released because Microsoft doesnt want to fix
the issue. Cisco did for its IOS and ASA within 3 months.
________________________________________________________________________
Title: ICMPv6 Router Announcement flooding denial of service affecting
multiple systems
Date: 05 April 2011
URL: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt
________________________________________________________________________
Vendors: Cisco, Juniper, Microsoft, FreeBSD
Affected Products: All Cisco IOS ASA with firmware < November 2010
All Netscreen versions
All Windows versions
All FreeBSD version
Vulnerability: ICMPv6 Router Announcement flooding denial of service
Severity: 7.8 (CVE CVSS Score), local network
CVEs: CVE-2010-4670, CVE-2010-4671, CVE-2010-4669
________________________________________________________________________
Update Section:
05 April 2011
Initial release
________________________________________________________________________
Overview:
When flooding the local network with random router advertisements,
hosts and routers update the network information, consuming all
available CPU resources, making the systems unusable and unresponsive.
As IPv6 and autoconfiguration are enabled by default, all are
affected in their default configuration.
For Windows, a personal firewall or similar security product does not
protect against this attack.
Note: Microsoft does not want to fix this security issue for their
products.
Impact:
Updating the routing tables and configuring IPv6 addresses take up
all available CPU resources.
Routers and firewalls do not forward traffic.
The denial of service is in affect until the flooding is terminated.
The exact impact differs from the affected system type:
Cisco: 100% traffic loss with autconfiguration active, 80% without.
Netscreen: Only affected when the interface is configured as host, traffic
is forwarded until the neighbor information times out, then the traffic
is lost
Windows: 100% CPU, 100% RAM
FreeBSD: 100% CPU, additionally IPv6 support can be lost until reboot
occasionally.
Old Linux kernels are also affected, detailed version information unknown.
Description:
On IPv6 networks, hosts automatically find out about available
routers via ICMPv6 router announcements which are sent by the
routers. Additionally, router announcemens are used to replace
DHCP by the so called autoconfiguration feature.
Windows and FreeBSD - like all modern operating systems - enable
IPv6 and autoconfiguration by default and are thereby vulnerable.
A personal firewall will not protect against this attack.
If a system receives a router announcement of a new router, it
updates its routing table with the new router, and if the
autoconfiguration flag is set on the announcement (and the host
is configured to configure its IPv6 address by this mechanism),
the host chooses an IPv6 address from the announced network space.
If a network is flooded with random router announcements, systems
scramble to update their routing tables and configure IPv6
addresses.
Exploit:
Flood the network with router advertisements coming from different
routers and announcing different network prefixes.
A tool to test for this vulnerability is included in the thc-ipv6
package, called flood_router6.
Solution:
Cisco: IOS fix CSCti24526 , ASA fix CSCti33534
Linux: fixed prior 2010
Netscreen: Juniper waiting for IETF results for how to fix the issue
FreeBSD: unknown
Windows: Microsoft made clear that they do not plan to issue a
fix for this security issue.
Workaround:
The procession of router announcements must be disabled.
Please consult your system manual on how to this for your
affected platform.
Alternatively, disable IPv6.
________________________________________________________________________
Vendor communication:
10 July 2010 Microsoft informed
10 July 2010 Cisco informed
01 August 2010 Cisco confirms problem, announces fix for October
12 August 2010 Microsoft confirms vulnerability, states no fix
will be supplied.
22 November 2010 Cisco confirms fixes are available and started to
be deployed in current firmwares
28 December 2010 vendor-sec informed (among other issues)
05 February 2011 FreeBSD informed (made aware via vendor-sec 5 weeks
before)
20 February 2011 Juniper informed
09 March 2011 Juniper confirms problem
01 April 2011 Juniper informs that they work with the IETF to
develop a standard method to cope with this and
similar attacks.
________________________________________________________________________
Contact:
Marc Heuse
mh@mh-sec.de
http://www.mh-sec.de
________________________________________________________________________
The information provided is released "as is" without warranty of
any kind. The publisher disclaims all warranties, either express or
implied, including all warranties of merchantability.
No responsibility is taken for the correctness of this information.
In no event shall the publisher be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of
business profits or special damages, even if the publisher has been
advised of the possibility of such damages.
The contents of this advisory is copyright (c) 2010,2011 by Marc Heuse
and may be distributed freely provided that no fee is charged for
the distribution and proper credit is given.
________________________________________________________________________
--
Marc Heuse
www.mh-sec.de
PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A
. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco IOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42917
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco IOS, which can be
exploited by malicious users to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when processing certain IRC traffic can be exploited to
cause a device reload by accessing an IRC channel within 36 hours of
a reload.
2) An error in the CME (Communication Manager Express) component when
handling a SNR number change menu from an extension mobility phone can
be exploited to crash the device.
3) A memory leak when processing UDP SIP REGISTER packets can be
exploited to exhaust memory resources via a specially crafted SIP
packet.
4) An error in the PKI implementation does not clear the public key
cache for the peers when the certificate map is changed. This can be
exploited to reconnect and bypass the certificate ban.
5) A memory fragmentation error in the CME (Communication Manager
Express) component when handling SIP TRUNK traffic can be exploited
to exhaust memory resources via specially crafted SIP packets.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0317 | CVE-2010-4673 | Cisco Adaptive Security Appliances Denial of service on device (DoS) Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow remote attackers to cause a denial of service via a flood of packets, aka Bug ID CSCtg06316. The problem is Bug ID CSCtg06316 Problem.By a third party, Denial of service via packet flood (DoS) May be in a state.
An attacker can exploit these issues to cause denial-of-service conditions.
These issues are being tracked by Cisco bug IDs CSCtg06316 and CSCtg63992
| VAR-201101-0328 | CVE-2010-4674 | Cisco ASA 5500 Service disruption in the series (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allows remote attackers to cause a denial of service (block exhaustion) via multicast traffic, aka Bug ID CSCtg63992. The problem is Bug ID CSCtg63992 It is a problem.Denial of service by a third party via multicast traffic ( Block depletion ) There is a possibility of being put into a state. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services.
An attacker can exploit these issues to cause denial-of-service conditions.
These issues are being tracked by Cisco bug IDs CSCtg06316 and CSCtg63992. A remote attacker can cause denial of service (block consumption) with the help of multicast communication. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multicast Traffic Denial of Service
SECUNIA ADVISORY ID:
SA42942
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42942/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42942
RELEASE DATE:
2011-01-17
DISCUSS ADVISORY:
http://secunia.com/advisories/42942/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42942/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42942
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Cisco ASA (Adaptive Security
Appliance) 5500 Series, which can be exploited by malicious people to
cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error when handling
multicast traffic and can be exploited to exhaust certain resources
(1550 blocks).
The vulnerability is reported in version 8.2(4) and prior.
SOLUTION:
Restrict access to trusted hosts only (e.g. via network access
control lists).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0329 | CVE-2010-4675 |
Cisco Adaptive Security Appliances Service disruption on devices (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201101-0413 |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access restrictions via vectors involving the "lowest security level interface," aka Bug ID CSCsv40504. The problem is Bug ID CSCsv40504 It is a problem.Service disruption by remotely authenticated user (DoS) There is a possibility of being put into a state. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
Successful exploitation of this vulnerability requires valid
credentials.
3) An error when handling unspecified IPSEC traffic can be exploited
to cause a device to crash via a high volume of traffic.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
5) An error when handling packets during device startup can be
exploited to bypass configured access restrictions.
6) An error when handling Online Certificate Status Protocol (OCSP)
connection failures can be exploited by OCSP responders to exhaust
TCP sockets by rejecting connection attempts.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
10) An error within SIP inspection can be exploited to crash a device
via a high volume of calls (greater than 600).
11) An error in the Mobile User Security (MUS) service when handling
HTTP requests from a Web Security Appliance (WSA) can be exploited to
bypass authentication via a HEAD request.
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0316 | CVE-2010-4672 |
Cisco Adaptive Security Appliances Service disruption on devices (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201101-0413 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow remote attackers to cause a denial of service (block exhaustion) via EIGRP traffic that triggers an EIGRP multicast storm, aka Bug ID CSCtf20269. Cisco Adaptive Security Appliances (ASA) Device has a service disruption (DoS) There is a vulnerability that becomes a condition. The problem is Bug IDs CSCtf20269 It is a problem.By a third party EIGRP Through traffic EIGRP Multicast storm is triggered and service operation is interrupted (DoS) There is a possibility of being put into a state. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
2) An error when handling TELNET connections can be exploited to
bypass certain access restrictions by connecting to the lowest
security level interface.
Successful exploitation of this vulnerability requires valid
credentials.
3) An error when handling unspecified IPSEC traffic can be exploited
to cause a device to crash via a high volume of traffic.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
5) An error when handling packets during device startup can be
exploited to bypass configured access restrictions.
6) An error when handling Online Certificate Status Protocol (OCSP)
connection failures can be exploited by OCSP responders to exhaust
TCP sockets by rejecting connection attempts.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
10) An error within SIP inspection can be exploited to crash a device
via a high volume of calls (greater than 600).
11) An error in the Mobile User Security (MUS) service when handling
HTTP requests from a Web Security Appliance (WSA) can be exploited to
bypass authentication via a HEAD request.
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0330 | CVE-2010-4676 |
Cisco Adaptive Security Appliances Service disruption on devices (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201101-0413 |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote authenticated users to cause a denial of service (device crash) via a high volume of IPsec traffic, aka Bug ID CSCsx52748. The problem is Bug ID CSCsx52748 It is a problem.Remotely authenticated users can IPsec Service disruption through traffic (DoS) There is a possibility of being put into a state. Cisco ASA 5500 series appliances are prone to multiple remote vulnerabilities, including:
Multiple security-bypass vulnerabilities
Multiple denial-of-service vulnerabilities
Attackers can exploit these issues to cause denial-of-service conditions or bypass certain security restrictions. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
2) An error when handling TELNET connections can be exploited to
bypass certain access restrictions by connecting to the lowest
security level interface.
Successful exploitation of this vulnerability requires valid
credentials.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
5) An error when handling packets during device startup can be
exploited to bypass configured access restrictions.
6) An error when handling Online Certificate Status Protocol (OCSP)
connection failures can be exploited by OCSP responders to exhaust
TCP sockets by rejecting connection attempts.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
10) An error within SIP inspection can be exploited to crash a device
via a high volume of calls (greater than 600).
11) An error in the Mobile User Security (MUS) service when handling
HTTP requests from a Web Security Appliance (WSA) can be exploited to
bypass authentication via a HEAD request.
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0310 | CVE-2010-4677 |
Cisco Adaptive Security Appliances Runs on the device emWEB Service disruption in (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201101-0413 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (daemon crash) via a request for a document whose name contains space characters, aka Bug ID CSCsy08416. Cisco Adaptive Security Appliances Runs on the device emWEB There is a service disruption (DoS) There is a vulnerability that becomes a condition. The problem is Bug ID CSCsy08416 It is a problem.Denial of service operation by a third party through a request for a document that contains a space in the file name (DoS) There is a possibility of being put into a state. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
2) An error when handling TELNET connections can be exploited to
bypass certain access restrictions by connecting to the lowest
security level interface.
Successful exploitation of this vulnerability requires valid
credentials.
3) An error when handling unspecified IPSEC traffic can be exploited
to cause a device to crash via a high volume of traffic.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
5) An error when handling packets during device startup can be
exploited to bypass configured access restrictions.
6) An error when handling Online Certificate Status Protocol (OCSP)
connection failures can be exploited by OCSP responders to exhaust
TCP sockets by rejecting connection attempts.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
10) An error within SIP inspection can be exploited to crash a device
via a high volume of calls (greater than 600).
11) An error in the Mobile User Security (MUS) service when handling
HTTP requests from a Web Security Appliance (WSA) can be exploited to
bypass authentication via a HEAD request.
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0313 | CVE-2010-4680 |
Cisco Adaptive Security Appliances Device WebVPN Vulnerabilities that prevent access restrictions in the implementation
Related entries in the VARIoT exploits database: VAR-E-201101-0413 |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, aka Bug ID CSCsz80777. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
2) An error when handling TELNET connections can be exploited to
bypass certain access restrictions by connecting to the lowest
security level interface.
Successful exploitation of this vulnerability requires valid
credentials.
3) An error when handling unspecified IPSEC traffic can be exploited
to cause a device to crash via a high volume of traffic.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
5) An error when handling packets during device startup can be
exploited to bypass configured access restrictions.
6) An error when handling Online Certificate Status Protocol (OCSP)
connection failures can be exploited by OCSP responders to exhaust
TCP sockets by rejecting connection attempts.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
10) An error within SIP inspection can be exploited to crash a device
via a high volume of calls (greater than 600).
11) An error in the Mobile User Security (MUS) service when handling
HTTP requests from a Web Security Appliance (WSA) can be exploited to
bypass authentication via a HEAD request.
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0312 | CVE-2010-4679 |
Cisco Adaptive Security Appliances Service disruption on devices (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201101-0413 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP socket exhaustion) by rejecting connection attempts, aka Bug ID CSCsz36816. The problem is Bug ID CSCsz36816 It is a problem.remote OCSP Service disruption due to rejection of connection attempt by responder (DoS) There is a possibility of being put into a state. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. Cisco ASA 5500 series appliances are prone to multiple remote vulnerabilities, including:
Multiple security-bypass vulnerabilities
Multiple denial-of-service vulnerabilities
Attackers can exploit these issues to cause denial-of-service conditions or bypass certain security restrictions. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
2) An error when handling TELNET connections can be exploited to
bypass certain access restrictions by connecting to the lowest
security level interface.
Successful exploitation of this vulnerability requires valid
credentials.
3) An error when handling unspecified IPSEC traffic can be exploited
to cause a device to crash via a high volume of traffic.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
5) An error when handling packets during device startup can be
exploited to bypass configured access restrictions.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
10) An error within SIP inspection can be exploited to crash a device
via a high volume of calls (greater than 600).
11) An error in the Mobile User Security (MUS) service when handling
HTTP requests from a Web Security Appliance (WSA) can be exploited to
bypass authentication via a HEAD request.
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0311 | CVE-2010-4678 |
Cisco Adaptive Security Appliances Vulnerabilities that prevent access restrictions on devices
Related entries in the VARIoT exploits database: VAR-E-201101-0413 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit packets to pass before the configuration has been loaded, which might allow remote attackers to bypass intended access restrictions by sending network traffic during device startup, aka Bug ID CSCsy86769. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
2) An error when handling TELNET connections can be exploited to
bypass certain access restrictions by connecting to the lowest
security level interface.
Successful exploitation of this vulnerability requires valid
credentials.
3) An error when handling unspecified IPSEC traffic can be exploited
to cause a device to crash via a high volume of traffic.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
6) An error when handling Online Certificate Status Protocol (OCSP)
connection failures can be exploited by OCSP responders to exhaust
TCP sockets by rejecting connection attempts.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
10) An error within SIP inspection can be exploited to crash a device
via a high volume of calls (greater than 600).
11) An error in the Mobile User Security (MUS) service when handling
HTTP requests from a Web Security Appliance (WSA) can be exploited to
bypass authentication via a HEAD request.
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0319 | CVE-2010-4682 |
Cisco Adaptive Security Appliances Service disruption on devices (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201101-0413 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (memory consumption) by making multiple incorrect LDAP authentication attempts, aka Bug ID CSCtf29867. The problem is Bug ID CSCtf29867 It is a problem.Multiple inaccuracy by a third party LDAP Service disruption through authentication attempts (DoS) There is a possibility of being put into a state. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
2) An error when handling TELNET connections can be exploited to
bypass certain access restrictions by connecting to the lowest
security level interface.
Successful exploitation of this vulnerability requires valid
credentials.
3) An error when handling unspecified IPSEC traffic can be exploited
to cause a device to crash via a high volume of traffic.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
5) An error when handling packets during device startup can be
exploited to bypass configured access restrictions.
6) An error when handling Online Certificate Status Protocol (OCSP)
connection failures can be exploited by OCSP responders to exhaust
TCP sockets by rejecting connection attempts.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
10) An error within SIP inspection can be exploited to crash a device
via a high volume of calls (greater than 600).
11) An error in the Mobile User Security (MUS) service when handling
HTTP requests from a Web Security Appliance (WSA) can be exploited to
bypass authentication via a HEAD request.
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0318 | CVE-2010-4681 |
Cisco Adaptive Security Appliances In the device SMTP Vulnerability that bypasses the inspection function
Related entries in the VARIoT exploits database: VAR-E-201101-0413 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character, aka Bug ID CSCte14901. The problem is Bug ID CSCte14901 It is a problem.By a third party SMTP The inspection function may be bypassed. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
2) An error when handling TELNET connections can be exploited to
bypass certain access restrictions by connecting to the lowest
security level interface.
Successful exploitation of this vulnerability requires valid
credentials.
3) An error when handling unspecified IPSEC traffic can be exploited
to cause a device to crash via a high volume of traffic.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
5) An error when handling packets during device startup can be
exploited to bypass configured access restrictions.
6) An error when handling Online Certificate Status Protocol (OCSP)
connection failures can be exploited by OCSP responders to exhaust
TCP sockets by rejecting connection attempts.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
10) An error within SIP inspection can be exploited to crash a device
via a high volume of calls (greater than 600).
11) An error in the Mobile User Security (MUS) service when handling
HTTP requests from a Web Security Appliance (WSA) can be exploited to
bypass authentication via a HEAD request.
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0300 | CVE-2010-4669 |
plural Windows Product ND Service disruption in protocol implementation (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201101-0731 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package. Multiple vendors' products are prone to an IPv6-related denial-of-service vulnerability.
A remote attacker can exploit this issue to make affected computers and devices unresponsive, denying service to legitimate users. This security advisory is released because Microsoft doesnt want to fix
the issue. Cisco did for its IOS and ASA within 3 months.
________________________________________________________________________
Title: ICMPv6 Router Announcement flooding denial of service affecting
multiple systems
Date: 05 April 2011
URL: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt
________________________________________________________________________
Vendors: Cisco, Juniper, Microsoft, FreeBSD
Affected Products: All Cisco IOS ASA with firmware < November 2010
All Netscreen versions
All Windows versions
All FreeBSD version
Vulnerability: ICMPv6 Router Announcement flooding denial of service
Severity: 7.8 (CVE CVSS Score), local network
CVEs: CVE-2010-4670, CVE-2010-4671, CVE-2010-4669
________________________________________________________________________
Update Section:
05 April 2011
Initial release
________________________________________________________________________
Overview:
When flooding the local network with random router advertisements,
hosts and routers update the network information, consuming all
available CPU resources, making the systems unusable and unresponsive.
As IPv6 and autoconfiguration are enabled by default, all are
affected in their default configuration.
For Windows, a personal firewall or similar security product does not
protect against this attack.
Note: Microsoft does not want to fix this security issue for their
products.
Impact:
Updating the routing tables and configuring IPv6 addresses take up
all available CPU resources.
Routers and firewalls do not forward traffic.
The denial of service is in affect until the flooding is terminated.
The exact impact differs from the affected system type:
Cisco: 100% traffic loss with autconfiguration active, 80% without.
Netscreen: Only affected when the interface is configured as host, traffic
is forwarded until the neighbor information times out, then the traffic
is lost
Windows: 100% CPU, 100% RAM
FreeBSD: 100% CPU, additionally IPv6 support can be lost until reboot
occasionally.
Old Linux kernels are also affected, detailed version information unknown.
Description:
On IPv6 networks, hosts automatically find out about available
routers via ICMPv6 router announcements which are sent by the
routers. Additionally, router announcemens are used to replace
DHCP by the so called autoconfiguration feature.
Windows and FreeBSD - like all modern operating systems - enable
IPv6 and autoconfiguration by default and are thereby vulnerable.
A personal firewall will not protect against this attack.
If a system receives a router announcement of a new router, it
updates its routing table with the new router, and if the
autoconfiguration flag is set on the announcement (and the host
is configured to configure its IPv6 address by this mechanism),
the host chooses an IPv6 address from the announced network space.
If a network is flooded with random router announcements, systems
scramble to update their routing tables and configure IPv6
addresses.
Exploit:
Flood the network with router advertisements coming from different
routers and announcing different network prefixes.
A tool to test for this vulnerability is included in the thc-ipv6
package, called flood_router6.
Solution:
Cisco: IOS fix CSCti24526 , ASA fix CSCti33534
Linux: fixed prior 2010
Netscreen: Juniper waiting for IETF results for how to fix the issue
FreeBSD: unknown
Windows: Microsoft made clear that they do not plan to issue a
fix for this security issue.
Workaround:
The procession of router announcements must be disabled.
Please consult your system manual on how to this for your
affected platform.
Alternatively, disable IPv6.
________________________________________________________________________
Vendor communication:
10 July 2010 Microsoft informed
10 July 2010 Cisco informed
01 August 2010 Cisco confirms problem, announces fix for October
12 August 2010 Microsoft confirms vulnerability, states no fix
will be supplied.
22 November 2010 Cisco confirms fixes are available and started to
be deployed in current firmwares
28 December 2010 vendor-sec informed (among other issues)
05 February 2011 FreeBSD informed (made aware via vendor-sec 5 weeks
before)
20 February 2011 Juniper informed
09 March 2011 Juniper confirms problem
01 April 2011 Juniper informs that they work with the IETF to
develop a standard method to cope with this and
similar attacks.
________________________________________________________________________
Contact:
Marc Heuse
mh@mh-sec.de
http://www.mh-sec.de
________________________________________________________________________
The information provided is released "as is" without warranty of
any kind. The publisher disclaims all warranties, either express or
implied, including all warranties of merchantability.
No responsibility is taken for the correctness of this information.
In no event shall the publisher be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of
business profits or special damages, even if the publisher has been
advised of the possibility of such damages.
The contents of this advisory is copyright (c) 2010,2011 by Marc Heuse
and may be distributed freely provided that no fee is charged for
the distribution and proper credit is given.
________________________________________________________________________
--
Marc Heuse
www.mh-sec.de
PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A
| VAR-201101-0408 | No CVE | Lexmark Printer Ready Message Value HTML Code Injection Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Lexmark Printer X651de is a printer from Lexmark, USA. The Lexmark Printer X651de has an HTML injection vulnerability in its implementation, which is not properly filtered when using user-provided input in dynamically generated content. A remote attacker could exploit this vulnerability to run HTML and script code in an affected printer web interface application, stealing cookie authentication credentials or controlling the appearance of the site. Other attacks are also possible.
Lexmark Printer X651de is vulnerable; other versions may also be affected
| VAR-201101-0400 | No CVE | SAP Management Console has a vulnerability when processing some administrative commands |
CVSS V2: - CVSS V3: - Severity: LOW |
The SAP Management Console has errors in processing some of the administrative commands, and an attacker can exploit the vulnerability to restart the service. The SAP Management Console is a management console for SAP products. Some methods in the \"sapstartsrv\" SOAP service have errors that can leak sensitive information such as log file lists and their contents, file parameters, and developer tracking information.
Attackers can exploit these issues to a cause a denial-of-service condition or obtain sensitive information.
The following versions are vulnerable:
SAP KERNEL RELEASE 6.40
SAP KERNEL RELEASE 7.00
SAP KERNEL RELEASE 7.01
SAP KERNEL RELEASE 7.10
SAP KERNEL RELEASE 7.11
SAP KERNEL RELEASE 7.20. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
SAP Management Console Two Vulnerabilities
SECUNIA ADVISORY ID:
SA42788
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42788/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42788
RELEASE DATE:
2011-01-07
DISCUSS ADVISORY:
http://secunia.com/advisories/42788/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42788/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42788
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Jordan Santarsieri has reported some vulnerabilities in SAP KERNEL,
which can be exploited by malicious people to disclose sensitive
information and cause a DoS (Denial of Service).
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY:
Jordan Santarsieri, Onapsis.
ORIGINAL ADVISORY:
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2011-001
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2011-002
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0116 | CVE-2011-0423 | PolyVision RoomWizard insecurely stores Sync Connector Active Directory credentials and uses default administrative password |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP session, a different vulnerability than CVE-2010-0214. The PolyVision RoomWizard web based scheduling system with touch screen display contains two vulnerabilities that allow an unauthorized user to access the device console and Sync Connector Active Directory credentials. RoomWizard is prone to a security-bypass vulnerability and an information-disclosure vulnerability.
Successful exploiting these issues allow attackers to gain access to the application; other attacks may also be possible
| VAR-201101-0011 | CVE-2010-0214 | PolyVision RoomWizard insecurely stores Sync Connector Active Directory credentials and uses default administrative password |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory (AD) credentials in a web form that is accessed over HTTP on port 80, which allows remote attackers to obtain sensitive information by reading the HTML source code corresponding to the /admin/sign/DeviceSynch URI. The PolyVision RoomWizard web based scheduling system with touch screen display contains two vulnerabilities that allow an unauthorized user to access the device console and Sync Connector Active Directory credentials. PolyVision RoomWizard In some cases, a remote third party accesses the admin interface, Active Directory You may be able to obtain your credentials. PolyVision RoomWizard Is a web-based conference room reservation system. Sync Connector Is RoomWizard But, Microsoft Windows Actitve Directory (AD) Environmental Microsoft Exchange This is a function for linking with. PolyVision RoomWizard The admin interface for Sync Connector Used by Active Directory Is vulnerable to a password leak. Also, PolyVision RoomWizard To HTTP Factory settings for administrative account information for access via the Internet may be obtained by a third party.By a remote third party, AD Your credentials could be stolen. Also, the settings of this product may be changed. RoomWizard is prone to a security-bypass vulnerability and an information-disclosure vulnerability.
Successful exploiting these issues allow attackers to gain access to the application; other attacks may also be possible
| VAR-201101-0015 | CVE-2010-4013 | Apple Mac OS X Updates for vulnerabilities in |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts. Apple Mac OS X is prone to a remote code-execution vulnerability due to a format-string issue in the PackageKit component.
An attacker can exploit this issue by conducting a man-in-the-middle attack.
Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
This issue affects Apple Mac OS X 10.6 versions. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Apple Mac OS X PackageKit Format String Vulnerability
SECUNIA ADVISORY ID:
SA42841
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42841/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42841
RELEASE DATE:
2011-01-08
DISCUSS ADVISORY:
http://secunia.com/advisories/42841/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42841/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42841
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Mac OS X, which can be exploited
by malicious people to potentially compromise a vulnerable system.
The vulnerability is caused due to a format string error when
handling distribution scripts during Software Update checks and can
be exploited to corrupt memory. via
Man-in-the-Middle (MitM) attacks.
SOLUTION:
Apply 10.6.6 updates.
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Aaron Sigel, vtty.com.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4498
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0409 | No CVE | Linksys BEFSR41 Storage Cross-Site Scripting Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Linksys BEFSR41 is a Linksys high-speed Cable/DSL switching router. Linksys does not verify the input size and can cause stored cross-site scripting errors. Hostname, username (PPPoE and PPTP), customizable applications and other fields are affected by this vulnerability. Linksys BEFSR41 is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues may allow an attacker to execute HTML and script code in the context of the device, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible