VARIoT IoT vulnerabilities database

SAP Kernel is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information. Information obtained may aid in further attacks and facilitate access to other services. The issue affects the following: SAP Kernel 6.40 7.00, 7.01, 7.10, 7.11, 7.20.

SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the management interface which listens by default on TCP port 443. While parsing requests sent to the login.php page, the process does not properly sanitize the USERNAME POST parameter. By sending a specially crafted string, a remote attacker can leverage this vulnerability to inject arbitrary SQL into the backend database on the server. Symantec Web Gateway is a Web security gateway hardware appliance. Any SQL. Exploiting this issue could allow an attacker to compromise the device, access or modify data, or exploit latent vulnerabilities in the underlying database. Symantec Web Gateway (SWG) is a set of network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more. -- Vendor Response: Symantec has issued an update to correct this vulnerability. More details can be found at: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110112_00 -- Disclosure Timeline: 2010-09-23 - Vulnerability reported to vendor 2011-01-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * RadLSneak -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Symantec Web Gateway Management Interface "USERNAME" SQL Injection SECUNIA ADVISORY ID: SA42878 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42878/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42878 RELEASE DATE: 2011-01-14 DISCUSS ADVISORY: http://secunia.com/advisories/42878/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42878/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42878 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Symantec Web Gateway, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This can further be exploited to compromise a vulnerable system. The vulnerability is reported in version 4.5. Other versions may also be affected. SOLUTION: Update to version 4.5.0.376 or later. PROVIDED AND/OR DISCOVERED BY: RadLSneak via ZDI. ORIGINAL ADVISORY: Symantec: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110112_00 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-013/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page. Successful exploits allow an attacker to crash the affected browser, resulting in a denial-of-service condition. Versions prior to Research In Motion BlackBerry Device Software 6.0.0 are vulnerable. Gents, BlackHat Washington DC has just finished, and we wanted to let you know that RIM officially released a patch for the vulnerability found by TEHTRI-Security in BlackBerry devices, and covered during our talk: "Inglourious Hackerds: Targeting Web Clients". To quote RIM web site, the BlackBerry device subsequently terminates the browser, and the browser eventually restarts and displays an error message. What was quite funny is that, with little tweaks (based on incoming User-Agent + sizes of buffers + payloads...) our 0day also worked against HTC Windows, Apple iPhone/iPod (CVE-2010-1752) and Google Android devices, with different kind of results. It's all related to a flaw in the way those devices try to handle HTML codes, based on some concepts taken from the HTTP RFC directly... To avoid the spread of annoying exploits, that would target customers of Google, RIM, Apple & HTC, we only shared some information with the vendors and during the BlackHat DC event, but our slides on BlackHat.com will also contain part of information. If you want to go further, here are some useful links: - Official RIM web page dealing with our 0Day: http://www.blackberry.com/btsc/KB24841 - BlackHat Washington DC: https://www.blackhat.com/html/bh-dc-11/bh-dc-11-schedule.html - Mitre CVE Entry http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2599 - Gartner.com Blog Entry about our talk @BHDC: http://blogs.gartner.com/john_pescatore/2011/01/20/if-a-toy-breaks-in-a-work-forest-will-the-toy-vendor-hear-a-noise-and-fix-it/ - NetworkWorld Press Article about our talk @BHDC: http://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html - TEHTRI-Security Blog: http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html We would like to thanks the security experts of RIM who came to our talk in Washington, and who took time there to share explanations with our attendees in order to show how they mitigated our findings by handling those issues with all the carriers involved worldwide (what an incredible task). On our side, we got technical fun by doing technical penetration tests on those devices, and this is how we found such 0days. We do think that basic tests are not always done properly because of consumerization, money & time issues, etc. Recently, we found 0days against IP Camera surveillance, etc, by doing penetration tests. We live in world where everything has to be clean, beautiful, quick, easy, marketable, and certified. But what about IT Security, while everything gets more and more complex... We now all get Certified non-Ethically Hackable... "Good night, and Good luck." Best regards, Laurent OUDOT, from Washington DC, USA @BlackHatDC Briefings ( http://blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Oudot ) TEHTRI-Security - "This is not a Game." http://www.tehtri-security.com/ http://twitter/tehtris . Gents, If you are a lucky BlackBerry owner, or an administrator of many BB devices, you can do a quick security check of your smartphone(s), by browsing this web page from your device (free quick check): http://tehtris.com/bbcheck For now, this will check for you if you are potentially vulnerable against those exploits: -> Nov 2007 - US-CERT Advisory VU#282856 - Exploit from Michael Kemp http://www.blackberry.com/btsc/KB12577 -> Jan 2011 - CVE-2010-2599 - Exploit found by TEHTRI-Security http://www.blackberry.com/btsc/KB24841 -> Mar 2011 - CVE-2011-1290 - Awesome Pwn2own/CSW exploit from Vincenzo Iozzo, Ralf Philipp Weinmann, and Willem Pinckaers A workaround for this latest vulnerability (CVE-2011-1290) could be to disable JavaScript, as explained on RIM resources. You should definitely read this: http://www.blackberry.com/btsc/KB26132 Have a nice day, Laurent OUDOT, CEO TEHTRI-Security -- "This is not a game" http://www.tehtri-security.com/ Follow us: @tehtris => Join us for more hacking tricks during next awesome events: - SyScan Singapore (April) -- Training: "Advanced PHP Hacking" http://www.syscan.org/index.php/sg/training - HITB Amsterdam (May) -- Training: "Hunting Web Attackers" http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=16

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670. Multiple vendors' products are prone to an IPv6-related denial-of-service vulnerability. A remote attacker can exploit this issue to make affected computers and devices unresponsive, denying service to legitimate users

Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777. WellinTech KingView 6.53 Contains a heap overflow vulnerability. WellinTech KingView 6.53 of HistorySrv service (777/tcp) Crafted Flink and Blink When processing pointers A heap overflow vulnerability exists. Attack code using this vulnerability has been released.WellinTech KingView Service disruption by a third party with access to (DoS) An attacker may be attacked or execute arbitrary code with user privileges. KingView is the configuration software in the HMI / SCADA series products produced by Beijing Yakong. This software is mainly used for process control and management monitoring of industrial automation. The software is deployed on the Windows operating system platform, and the 777 service port is opened for historical data synchronization. Because its 777 service port listening process, HistorySvr.exe, does not have adequate security controls in the process of processing data, an attacker can cause the service to crash or achieve overflow by sending a specially constructed data packet to the service port to gain operating system host management permissions. If you further guess the KingView 6.53 management system username and password installed on the host, you will directly gain control of the industrial system associated with it. KingView is prone to a heap-based buffer-overflow vulnerability because it fails to properly validate user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. KingView 6.53 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: KingView HistorySvr Service Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42851 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42851/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42851 RELEASE DATE: 2011-01-11 DISCUSS ADVISORY: http://secunia.com/advisories/42851/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42851/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42851 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in KingView, which can be exploited by malicious people to compromise a vulnerable system. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 6.53. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: Dillon Beresford OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555. Cisco IOS Run on CallManager Express There is a service disruption (DoS) There is a vulnerability that becomes a condition. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCta63555. http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsq24002. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when processing certain IRC traffic can be exploited to cause a device reload by accessing an IRC channel within 36 hours of a reload. 3) A memory leak when processing UDP SIP REGISTER packets can be exploited to exhaust memory resources via a specially crafted SIP packet. 4) An error in the PKI implementation does not clear the public key cache for the peers when the certificate map is changed. This can be exploited to reconnect and bypass the certificate ban. 5) A memory fragmentation error in the CME (Communication Manager Express) component when handling SIP TRUNK traffic can be exploited to exhaust memory resources via specially crafted SIP packets. SOLUTION: Update to Cisco IOS version 15.0(1)XA5. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336. The problem is Bug ID CSCso05336 It is a problem.By a third party IRC Service disruption via connection to server (DoS) There is a possibility of being put into a state. Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Versions prior to Cisco IOS 15.0(1)XA are vulnerable. This issue being tracked by Cisco bug ID CSCso05336. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. This vulnerability is related to \"broken magic value\". ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when processing certain IRC traffic can be exploited to cause a device reload by accessing an IRC channel within 36 hours of a reload. 2) An error in the CME (Communication Manager Express) component when handling a SNR number change menu from an extension mobility phone can be exploited to crash the device. 3) A memory leak when processing UDP SIP REGISTER packets can be exploited to exhaust memory resources via a specially crafted SIP packet. 4) An error in the PKI implementation does not clear the public key cache for the peers when the certificate map is changed. This can be exploited to reconnect and bypass the certificate ban. 5) A memory fragmentation error in the CME (Communication Manager Express) component when handling SIP TRUNK traffic can be exploited to exhaust memory resources via specially crafted SIP packets. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733. Cisco IOS There is a memory leak and service disruption (DoS) There is a vulnerability that becomes a condition. An attacker can exploit these issues to cause an affected device to crash, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtg41733. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when processing certain IRC traffic can be exploited to cause a device reload by accessing an IRC channel within 36 hours of a reload. 2) An error in the CME (Communication Manager Express) component when handling a SNR number change menu from an extension mobility phone can be exploited to crash the device. 4) An error in the PKI implementation does not clear the public key cache for the peers when the certificate map is changed. This can be exploited to reconnect and bypass the certificate ban. 5) A memory fragmentation error in the CME (Communication Manager Express) component when handling SIP TRUNK traffic can be exploited to exhaust memory resources via specially crafted SIP packets. SOLUTION: Update to Cisco IOS version 15.0(1)XA5. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031. Cisco IOS is prone to multiple denial-of-service vulnerabilities and a security-bypass vulnerability. Exploiting these issues can allow attackers to bypass certain security restrictions or to cause denial-of-service conditions. Versions prior to Cisco IOS 15.0(1)XA1 are vulnerable. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when processing certain IRC traffic can be exploited to cause a device reload by accessing an IRC channel within 36 hours of a reload. 2) An error in the CME (Communication Manager Express) component when handling a SNR number change menu from an extension mobility phone can be exploited to crash the device. 3) A memory leak when processing UDP SIP REGISTER packets can be exploited to exhaust memory resources via a specially crafted SIP packet. This can be exploited to reconnect and bypass the certificate ban. 5) A memory fragmentation error in the CME (Communication Manager Express) component when handling SIP TRUNK traffic can be exploited to exhaust memory resources via specially crafted SIP packets. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877. Cisco IOS is prone to multiple denial-of-service vulnerabilities and a security-bypass vulnerability. Exploiting these issues can allow attackers to bypass certain security restrictions or to cause denial-of-service conditions. Versions prior to Cisco IOS 15.0(1)XA1 are vulnerable. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment

CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950. The problem is Bug ID CSCtb47950 It is a problem.Long term SIP TRUNK Service disruption through the transmission of (DoS) There is a possibility of being put into a state. Cisco IOS is prone to multiple denial-of-service vulnerabilities and a security-bypass vulnerability. Exploiting these issues can allow attackers to bypass certain security restrictions or to cause denial-of-service conditions. Versions prior to Cisco IOS 15.0(1)XA1 are vulnerable. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. A remote attacker can cause a denial of service (memory consumption) by sending this communication after an excessively long delay. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when processing certain IRC traffic can be exploited to cause a device reload by accessing an IRC channel within 36 hours of a reload. 2) An error in the CME (Communication Manager Express) component when handling a SNR number change menu from an extension mobility phone can be exploited to crash the device. 3) A memory leak when processing UDP SIP REGISTER packets can be exploited to exhaust memory resources via a specially crafted SIP packet. 4) An error in the PKI implementation does not clear the public key cache for the peers when the certificate map is changed. This can be exploited to reconnect and bypass the certificate ban. 5) A memory fragmentation error in the CME (Communication Manager Express) component when handling SIP TRUNK traffic can be exploited to exhaust memory resources via specially crafted SIP packets. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552. Cisco IOS is prone to multiple denial-of-service vulnerabilities and a security-bypass vulnerability. Exploiting these issues can allow attackers to bypass certain security restrictions or to cause denial-of-service conditions. Versions prior to Cisco IOS 15.0(1)XA1 are vulnerable. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment

The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635. The problem is Bug ID CSCte53635 It is a problem.By a third party HEAD Important information may be obtained through a request. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. The vulnerabilities include multiple denial-of-service vulnerabilities, a security-bypass vulnerability, and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. Remote attackers can obtain sensitive information with HEAD requests. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco ASA 5500 Series Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42931 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42931/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42931 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42931/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42931/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42931 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco ASA (Adaptive Security Appliance) 5500 Series, which can be exploited by malicious users and malicious people to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when handling EIGRP multicast traffic can be exploited to exhaust certain system resources. 2) An error when handling TELNET connections can be exploited to bypass certain access restrictions by connecting to the lowest security level interface. Successful exploitation of this vulnerability requires valid credentials. 3) An error when handling unspecified IPSEC traffic can be exploited to cause a device to crash via a high volume of traffic. 4) An error in emWEB when handling filename requests can be exploited to crash the daemon by requesting a filename containing white space characters. 5) An error when handling packets during device startup can be exploited to bypass configured access restrictions. 6) An error when handling Online Certificate Status Protocol (OCSP) connection failures can be exploited by OCSP responders to exhaust TCP sockets by rejecting connection attempts. 7) An error in the WebVPN implementation when handling CIFS connections can be exploited to access a share via certain CIFS requests. Successful exploitation of this vulnerability requires valid credentials and CIFS file browsing to be disabled. 8) An error within SMTP inspection can be exploited to bypass the inspection via prepended space characters. 9) An error when handling LDAP connections can be exploited to exhaust memory resources via invalid authentication attempts. 10) An error within SIP inspection can be exploited to crash a device via a high volume of calls (greater than 600). 12) An error when handling unspecified multicast traffic can be exploited to crash a device. 13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be exploited to crash a device via a high volume of sessions (greater than 10000). The vulnerabilities are reported in versions prior to 8.2(4) and 8.3(2). SOLUTION: Update to versions 8.2(4) and 8.3(2). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly preserve ACL behavior after a migration, which allows remote attackers to bypass intended access restrictions via an unspecified type of network traffic that had previously been denied, aka Bug ID CSCte46460. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. The vulnerabilities include multiple denial-of-service vulnerabilities, a security-bypass vulnerability, and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. Cisco ASA 5500 series security appliances with software prior to 8.3(2) are vulnerable

Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) by making many SIP calls, aka Bug ID CSCte20030. The problem is Bug ID : CSCte20030 Problem.Many third parties SIP Denial of service via call (DoS) May be in a state. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. The vulnerabilities include multiple denial-of-service vulnerabilities, a security-bypass vulnerability, and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. Cisco ASA 5500 series security appliances with software prior to 8.3(2) are vulnerable. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco ASA 5500 Series Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42931 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42931/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42931 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42931/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42931/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42931 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco ASA (Adaptive Security Appliance) 5500 Series, which can be exploited by malicious users and malicious people to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when handling EIGRP multicast traffic can be exploited to exhaust certain system resources. 2) An error when handling TELNET connections can be exploited to bypass certain access restrictions by connecting to the lowest security level interface. Successful exploitation of this vulnerability requires valid credentials. 3) An error when handling unspecified IPSEC traffic can be exploited to cause a device to crash via a high volume of traffic. 4) An error in emWEB when handling filename requests can be exploited to crash the daemon by requesting a filename containing white space characters. 5) An error when handling packets during device startup can be exploited to bypass configured access restrictions. 6) An error when handling Online Certificate Status Protocol (OCSP) connection failures can be exploited by OCSP responders to exhaust TCP sockets by rejecting connection attempts. 7) An error in the WebVPN implementation when handling CIFS connections can be exploited to access a share via certain CIFS requests. Successful exploitation of this vulnerability requires valid credentials and CIFS file browsing to be disabled. 8) An error within SMTP inspection can be exploited to bypass the inspection via prepended space characters. 9) An error when handling LDAP connections can be exploited to exhaust memory resources via invalid authentication attempts. 11) An error in the Mobile User Security (MUS) service when handling HTTP requests from a Web Security Appliance (WSA) can be exploited to bypass authentication via a HEAD request. 12) An error when handling unspecified multicast traffic can be exploited to crash a device. 13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be exploited to crash a device via a high volume of sessions (greater than 10000). The vulnerabilities are reported in versions prior to 8.2(4) and 8.3(2). SOLUTION: Update to versions 8.2(4) and 8.3(2). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via a large number of LAN-to-LAN (aka L2L) IPsec sessions, aka Bug ID CSCth36592. The problem is Bug ID CSCth36592 It is a problem.A large amount by a third party LAN-to-LAN (L2L) IPsec Service disruption through session (DoS) There is a possibility of being put into a state. The vulnerabilities include multiple denial-of-service vulnerabilities, a security-bypass vulnerability, and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco ASA 5500 Series Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42931 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42931/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42931 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42931/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42931/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42931 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco ASA (Adaptive Security Appliance) 5500 Series, which can be exploited by malicious users and malicious people to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when handling EIGRP multicast traffic can be exploited to exhaust certain system resources. 2) An error when handling TELNET connections can be exploited to bypass certain access restrictions by connecting to the lowest security level interface. Successful exploitation of this vulnerability requires valid credentials. 3) An error when handling unspecified IPSEC traffic can be exploited to cause a device to crash via a high volume of traffic. 4) An error in emWEB when handling filename requests can be exploited to crash the daemon by requesting a filename containing white space characters. 5) An error when handling packets during device startup can be exploited to bypass configured access restrictions. 6) An error when handling Online Certificate Status Protocol (OCSP) connection failures can be exploited by OCSP responders to exhaust TCP sockets by rejecting connection attempts. 7) An error in the WebVPN implementation when handling CIFS connections can be exploited to access a share via certain CIFS requests. Successful exploitation of this vulnerability requires valid credentials and CIFS file browsing to be disabled. 8) An error within SMTP inspection can be exploited to bypass the inspection via prepended space characters. 9) An error when handling LDAP connections can be exploited to exhaust memory resources via invalid authentication attempts. 10) An error within SIP inspection can be exploited to crash a device via a high volume of calls (greater than 600). 11) An error in the Mobile User Security (MUS) service when handling HTTP requests from a Web Security Appliance (WSA) can be exploited to bypass authentication via a HEAD request. 12) An error when handling unspecified multicast traffic can be exploited to crash a device. 13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be exploited to crash a device via a high volume of sessions (greater than 10000). The vulnerabilities are reported in versions prior to 8.2(4) and 8.3(2). SOLUTION: Update to versions 8.2(4) and 8.3(2). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via multicast traffic, aka Bug IDs CSCtg61810 and CSCtg69742. The problem is Bug ID CSCtg61810 and CSCtg69742 It is a problem.Denial of service by a third party via multicast traffic (DoS) There is a possibility of being put into a state. The vulnerabilities include multiple denial-of-service vulnerabilities, a security-bypass vulnerability, and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco ASA 5500 Series Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42931 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42931/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42931 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42931/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42931/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42931 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco ASA (Adaptive Security Appliance) 5500 Series, which can be exploited by malicious users and malicious people to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when handling EIGRP multicast traffic can be exploited to exhaust certain system resources. 2) An error when handling TELNET connections can be exploited to bypass certain access restrictions by connecting to the lowest security level interface. Successful exploitation of this vulnerability requires valid credentials. 3) An error when handling unspecified IPSEC traffic can be exploited to cause a device to crash via a high volume of traffic. 4) An error in emWEB when handling filename requests can be exploited to crash the daemon by requesting a filename containing white space characters. 5) An error when handling packets during device startup can be exploited to bypass configured access restrictions. 6) An error when handling Online Certificate Status Protocol (OCSP) connection failures can be exploited by OCSP responders to exhaust TCP sockets by rejecting connection attempts. 7) An error in the WebVPN implementation when handling CIFS connections can be exploited to access a share via certain CIFS requests. Successful exploitation of this vulnerability requires valid credentials and CIFS file browsing to be disabled. 8) An error within SMTP inspection can be exploited to bypass the inspection via prepended space characters. 9) An error when handling LDAP connections can be exploited to exhaust memory resources via invalid authentication attempts. 10) An error within SIP inspection can be exploited to crash a device via a high volume of calls (greater than 600). 11) An error in the Mobile User Security (MUS) service when handling HTTP requests from a Web Security Appliance (WSA) can be exploited to bypass authentication via a HEAD request. 12) An error when handling unspecified multicast traffic can be exploited to crash a device. 13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be exploited to crash a device via a high volume of sessions (greater than 10000). The vulnerabilities are reported in versions prior to 8.2(4) and 8.3(2). SOLUTION: Update to versions 8.2(4) and 8.3(2). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier, and Cisco PIX Security Appliances devices, allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti24526. The problem is Bug ID CSCti24526 It is a problem.A large amount of different source addresses by a third party RA Interfering with service operation by sending a message (CPU Resource consumption and device hangs ) There is a possibility of being put into a state. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. Multiple vendors' products are prone to an IPv6-related denial-of-service vulnerability. A remote attacker can exploit this issue to make affected computers and devices unresponsive, denying service to legitimate users. This security advisory is released because Microsoft doesnt want to fix the issue. Cisco did for its IOS and ASA within 3 months. ________________________________________________________________________ Title: ICMPv6 Router Announcement flooding denial of service affecting multiple systems Date: 05 April 2011 URL: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt ________________________________________________________________________ Vendors: Cisco, Juniper, Microsoft, FreeBSD Affected Products: All Cisco IOS ASA with firmware < November 2010 All Netscreen versions All Windows versions All FreeBSD version Vulnerability: ICMPv6 Router Announcement flooding denial of service Severity: 7.8 (CVE CVSS Score), local network CVEs: CVE-2010-4670, CVE-2010-4671, CVE-2010-4669 ________________________________________________________________________ Update Section: 05 April 2011 Initial release ________________________________________________________________________ Overview: When flooding the local network with random router advertisements, hosts and routers update the network information, consuming all available CPU resources, making the systems unusable and unresponsive. As IPv6 and autoconfiguration are enabled by default, all are affected in their default configuration. For Windows, a personal firewall or similar security product does not protect against this attack. Note: Microsoft does not want to fix this security issue for their products. Impact: Updating the routing tables and configuring IPv6 addresses take up all available CPU resources. Routers and firewalls do not forward traffic. The denial of service is in affect until the flooding is terminated. The exact impact differs from the affected system type: Cisco: 100% traffic loss with autconfiguration active, 80% without. Netscreen: Only affected when the interface is configured as host, traffic is forwarded until the neighbor information times out, then the traffic is lost Windows: 100% CPU, 100% RAM FreeBSD: 100% CPU, additionally IPv6 support can be lost until reboot occasionally. Old Linux kernels are also affected, detailed version information unknown. Description: On IPv6 networks, hosts automatically find out about available routers via ICMPv6 router announcements which are sent by the routers. Additionally, router announcemens are used to replace DHCP by the so called autoconfiguration feature. Windows and FreeBSD - like all modern operating systems - enable IPv6 and autoconfiguration by default and are thereby vulnerable. A personal firewall will not protect against this attack. If a system receives a router announcement of a new router, it updates its routing table with the new router, and if the autoconfiguration flag is set on the announcement (and the host is configured to configure its IPv6 address by this mechanism), the host chooses an IPv6 address from the announced network space. If a network is flooded with random router announcements, systems scramble to update their routing tables and configure IPv6 addresses. Exploit: Flood the network with router advertisements coming from different routers and announcing different network prefixes. A tool to test for this vulnerability is included in the thc-ipv6 package, called flood_router6. Solution: Cisco: IOS fix CSCti24526 , ASA fix CSCti33534 Linux: fixed prior 2010 Netscreen: Juniper waiting for IETF results for how to fix the issue FreeBSD: unknown Windows: Microsoft made clear that they do not plan to issue a fix for this security issue. Workaround: The procession of router announcements must be disabled. Please consult your system manual on how to this for your affected platform. Alternatively, disable IPv6. ________________________________________________________________________ Vendor communication: 10 July 2010 Microsoft informed 10 July 2010 Cisco informed 01 August 2010 Cisco confirms problem, announces fix for October 12 August 2010 Microsoft confirms vulnerability, states no fix will be supplied. 22 November 2010 Cisco confirms fixes are available and started to be deployed in current firmwares 28 December 2010 vendor-sec informed (among other issues) 05 February 2011 FreeBSD informed (made aware via vendor-sec 5 weeks before) 20 February 2011 Juniper informed 09 March 2011 Juniper confirms problem 01 April 2011 Juniper informs that they work with the IETF to develop a standard method to cope with this and similar attacks. ________________________________________________________________________ Contact: Marc Heuse mh@mh-sec.de http://www.mh-sec.de ________________________________________________________________________ The information provided is released "as is" without warranty of any kind. The publisher disclaims all warranties, either express or implied, including all warranties of merchantability. No responsibility is taken for the correctness of this information. In no event shall the publisher be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if the publisher has been advised of the possibility of such damages. The contents of this advisory is copyright (c) 2010,2011 by Marc Heuse and may be distributed freely provided that no fee is charged for the distribution and proper credit is given. ________________________________________________________________________ -- Marc Heuse www.mh-sec.de PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534. Cisco IOS of IPv6 In the stack Neighbor Discovery Protocol implementation includes service disruption (DoS) There is a vulnerability that becomes a condition. Multiple vendors' products are prone to an IPv6-related denial-of-service vulnerability. A remote attacker can exploit this issue to make affected computers and devices unresponsive, denying service to legitimate users. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. This security advisory is released because Microsoft doesnt want to fix the issue. Cisco did for its IOS and ASA within 3 months. ________________________________________________________________________ Title: ICMPv6 Router Announcement flooding denial of service affecting multiple systems Date: 05 April 2011 URL: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt ________________________________________________________________________ Vendors: Cisco, Juniper, Microsoft, FreeBSD Affected Products: All Cisco IOS ASA with firmware < November 2010 All Netscreen versions All Windows versions All FreeBSD version Vulnerability: ICMPv6 Router Announcement flooding denial of service Severity: 7.8 (CVE CVSS Score), local network CVEs: CVE-2010-4670, CVE-2010-4671, CVE-2010-4669 ________________________________________________________________________ Update Section: 05 April 2011 Initial release ________________________________________________________________________ Overview: When flooding the local network with random router advertisements, hosts and routers update the network information, consuming all available CPU resources, making the systems unusable and unresponsive. As IPv6 and autoconfiguration are enabled by default, all are affected in their default configuration. For Windows, a personal firewall or similar security product does not protect against this attack. Note: Microsoft does not want to fix this security issue for their products. Impact: Updating the routing tables and configuring IPv6 addresses take up all available CPU resources. Routers and firewalls do not forward traffic. The denial of service is in affect until the flooding is terminated. The exact impact differs from the affected system type: Cisco: 100% traffic loss with autconfiguration active, 80% without. Netscreen: Only affected when the interface is configured as host, traffic is forwarded until the neighbor information times out, then the traffic is lost Windows: 100% CPU, 100% RAM FreeBSD: 100% CPU, additionally IPv6 support can be lost until reboot occasionally. Old Linux kernels are also affected, detailed version information unknown. Description: On IPv6 networks, hosts automatically find out about available routers via ICMPv6 router announcements which are sent by the routers. Additionally, router announcemens are used to replace DHCP by the so called autoconfiguration feature. Windows and FreeBSD - like all modern operating systems - enable IPv6 and autoconfiguration by default and are thereby vulnerable. A personal firewall will not protect against this attack. If a system receives a router announcement of a new router, it updates its routing table with the new router, and if the autoconfiguration flag is set on the announcement (and the host is configured to configure its IPv6 address by this mechanism), the host chooses an IPv6 address from the announced network space. If a network is flooded with random router announcements, systems scramble to update their routing tables and configure IPv6 addresses. Exploit: Flood the network with router advertisements coming from different routers and announcing different network prefixes. A tool to test for this vulnerability is included in the thc-ipv6 package, called flood_router6. Solution: Cisco: IOS fix CSCti24526 , ASA fix CSCti33534 Linux: fixed prior 2010 Netscreen: Juniper waiting for IETF results for how to fix the issue FreeBSD: unknown Windows: Microsoft made clear that they do not plan to issue a fix for this security issue. Workaround: The procession of router announcements must be disabled. Please consult your system manual on how to this for your affected platform. Alternatively, disable IPv6. ________________________________________________________________________ Vendor communication: 10 July 2010 Microsoft informed 10 July 2010 Cisco informed 01 August 2010 Cisco confirms problem, announces fix for October 12 August 2010 Microsoft confirms vulnerability, states no fix will be supplied. 22 November 2010 Cisco confirms fixes are available and started to be deployed in current firmwares 28 December 2010 vendor-sec informed (among other issues) 05 February 2011 FreeBSD informed (made aware via vendor-sec 5 weeks before) 20 February 2011 Juniper informed 09 March 2011 Juniper confirms problem 01 April 2011 Juniper informs that they work with the IETF to develop a standard method to cope with this and similar attacks. ________________________________________________________________________ Contact: Marc Heuse mh@mh-sec.de http://www.mh-sec.de ________________________________________________________________________ The information provided is released "as is" without warranty of any kind. The publisher disclaims all warranties, either express or implied, including all warranties of merchantability. No responsibility is taken for the correctness of this information. In no event shall the publisher be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if the publisher has been advised of the possibility of such damages. The contents of this advisory is copyright (c) 2010,2011 by Marc Heuse and may be distributed freely provided that no fee is charged for the distribution and proper credit is given. ________________________________________________________________________ -- Marc Heuse www.mh-sec.de PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when processing certain IRC traffic can be exploited to cause a device reload by accessing an IRC channel within 36 hours of a reload. 2) An error in the CME (Communication Manager Express) component when handling a SNR number change menu from an extension mobility phone can be exploited to crash the device. 3) A memory leak when processing UDP SIP REGISTER packets can be exploited to exhaust memory resources via a specially crafted SIP packet. 4) An error in the PKI implementation does not clear the public key cache for the peers when the certificate map is changed. This can be exploited to reconnect and bypass the certificate ban. 5) A memory fragmentation error in the CME (Communication Manager Express) component when handling SIP TRUNK traffic can be exploited to exhaust memory resources via specially crafted SIP packets. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow remote attackers to cause a denial of service via a flood of packets, aka Bug ID CSCtg06316. The problem is Bug ID CSCtg06316 Problem.By a third party, Denial of service via packet flood (DoS) May be in a state. An attacker can exploit these issues to cause denial-of-service conditions. These issues are being tracked by Cisco bug IDs CSCtg06316 and CSCtg63992