VARIoT IoT vulnerabilities database
| VAR-201101-0320 | CVE-2010-4683 | Cisco IOS Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733. Cisco IOS There is a memory leak and service disruption (DoS) There is a vulnerability that becomes a condition.
An attacker can exploit these issues to cause an affected device to crash, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCtg41733. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco IOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42917
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco IOS, which can be
exploited by malicious users to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when processing certain IRC traffic can be exploited to
cause a device reload by accessing an IRC channel within 36 hours of
a reload.
2) An error in the CME (Communication Manager Express) component when
handling a SNR number change menu from an extension mobility phone can
be exploited to crash the device.
4) An error in the PKI implementation does not clear the public key
cache for the peers when the certificate map is changed. This can be
exploited to reconnect and bypass the certificate ban.
5) A memory fragmentation error in the CME (Communication Manager
Express) component when handling SIP TRUNK traffic can be exploited
to exhaust memory resources via specially crafted SIP packets.
SOLUTION:
Update to Cisco IOS version 15.0(1)XA5.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0322 | CVE-2010-4685 | Cisco IOS Vulnerabilities that can be bypassed by certificate maps |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031. Cisco IOS is prone to multiple denial-of-service vulnerabilities and a security-bypass vulnerability.
Exploiting these issues can allow attackers to bypass certain security restrictions or to cause denial-of-service conditions.
Versions prior to Cisco IOS 15.0(1)XA1 are vulnerable. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco IOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42917
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco IOS, which can be
exploited by malicious users to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when processing certain IRC traffic can be exploited to
cause a device reload by accessing an IRC channel within 36 hours of
a reload.
2) An error in the CME (Communication Manager Express) component when
handling a SNR number change menu from an extension mobility phone can
be exploited to crash the device.
3) A memory leak when processing UDP SIP REGISTER packets can be
exploited to exhaust memory resources via a specially crafted SIP
packet. This can be
exploited to reconnect and bypass the certificate ban.
5) A memory fragmentation error in the CME (Communication Manager
Express) component when handling SIP TRUNK traffic can be exploited
to exhaust memory resources via specially crafted SIP packets.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0321 | CVE-2010-4684 | Cisco IOS Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877. Cisco IOS is prone to multiple denial-of-service vulnerabilities and a security-bypass vulnerability.
Exploiting these issues can allow attackers to bypass certain security restrictions or to cause denial-of-service conditions.
Versions prior to Cisco IOS 15.0(1)XA1 are vulnerable. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment
| VAR-201101-0323 | CVE-2010-4686 | Cisco IOS Run on CallManager Express Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950. The problem is Bug ID CSCtb47950 It is a problem.Long term SIP TRUNK Service disruption through the transmission of (DoS) There is a possibility of being put into a state. Cisco IOS is prone to multiple denial-of-service vulnerabilities and a security-bypass vulnerability.
Exploiting these issues can allow attackers to bypass certain security restrictions or to cause denial-of-service conditions.
Versions prior to Cisco IOS 15.0(1)XA1 are vulnerable. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. A remote attacker can cause a denial of service (memory consumption) by sending this communication after an excessively long delay. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco IOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42917
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco IOS, which can be
exploited by malicious users to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when processing certain IRC traffic can be exploited to
cause a device reload by accessing an IRC channel within 36 hours of
a reload.
2) An error in the CME (Communication Manager Express) component when
handling a SNR number change menu from an extension mobility phone can
be exploited to crash the device.
3) A memory leak when processing UDP SIP REGISTER packets can be
exploited to exhaust memory resources via a specially crafted SIP
packet.
4) An error in the PKI implementation does not clear the public key
cache for the peers when the certificate map is changed. This can be
exploited to reconnect and bypass the certificate ban.
5) A memory fragmentation error in the CME (Communication Manager
Express) component when handling SIP TRUNK traffic can be exploited
to exhaust memory resources via specially crafted SIP packets.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0324 | CVE-2010-4687 | Cisco IOS Run on STCAPP Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552. Cisco IOS is prone to multiple denial-of-service vulnerabilities and a security-bypass vulnerability.
Exploiting these issues can allow attackers to bypass certain security restrictions or to cause denial-of-service conditions.
Versions prior to Cisco IOS 15.0(1)XA1 are vulnerable. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment
| VAR-201101-0327 | CVE-2010-4690 | Cisco Adaptive Security Appliances Runs on the device Mobile User Security Vulnerability in which important information is obtained |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635. The problem is Bug ID CSCte53635 It is a problem.By a third party HEAD Important information may be obtained through a request. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. The vulnerabilities include multiple denial-of-service vulnerabilities, a security-bypass vulnerability, and an information-disclosure vulnerability.
Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. Remote attackers can obtain sensitive information with HEAD requests. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
2) An error when handling TELNET connections can be exploited to
bypass certain access restrictions by connecting to the lowest
security level interface.
Successful exploitation of this vulnerability requires valid
credentials.
3) An error when handling unspecified IPSEC traffic can be exploited
to cause a device to crash via a high volume of traffic.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
5) An error when handling packets during device startup can be
exploited to bypass configured access restrictions.
6) An error when handling Online Certificate Status Protocol (OCSP)
connection failures can be exploited by OCSP responders to exhaust
TCP sockets by rejecting connection attempts.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
10) An error within SIP inspection can be exploited to crash a device
via a high volume of calls (greater than 600).
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0326 | CVE-2010-4689 | Cisco Adaptive Security Appliances Vulnerabilities that prevent access restrictions on devices |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly preserve ACL behavior after a migration, which allows remote attackers to bypass intended access restrictions via an unspecified type of network traffic that had previously been denied, aka Bug ID CSCte46460. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. The vulnerabilities include multiple denial-of-service vulnerabilities, a security-bypass vulnerability, and an information-disclosure vulnerability.
Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible.
Cisco ASA 5500 series security appliances with software prior to 8.3(2) are vulnerable
| VAR-201101-0325 | CVE-2010-4688 | Cisco Adaptive Security Appliances On the device SIP Denial of service in inspection function (DoS) Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) by making many SIP calls, aka Bug ID CSCte20030. The problem is Bug ID : CSCte20030 Problem.Many third parties SIP Denial of service via call (DoS) May be in a state. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. The vulnerabilities include multiple denial-of-service vulnerabilities, a security-bypass vulnerability, and an information-disclosure vulnerability.
Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible.
Cisco ASA 5500 series security appliances with software prior to 8.3(2) are vulnerable. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
2) An error when handling TELNET connections can be exploited to
bypass certain access restrictions by connecting to the lowest
security level interface.
Successful exploitation of this vulnerability requires valid
credentials.
3) An error when handling unspecified IPSEC traffic can be exploited
to cause a device to crash via a high volume of traffic.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
5) An error when handling packets during device startup can be
exploited to bypass configured access restrictions.
6) An error when handling Online Certificate Status Protocol (OCSP)
connection failures can be exploited by OCSP responders to exhaust
TCP sockets by rejecting connection attempts.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
11) An error in the Mobile User Security (MUS) service when handling
HTTP requests from a Web Security Appliance (WSA) can be exploited to
bypass authentication via a HEAD request.
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0306 | CVE-2010-4692 | Cisco Adaptive Security Appliances Service disruption on devices (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via a large number of LAN-to-LAN (aka L2L) IPsec sessions, aka Bug ID CSCth36592. The problem is Bug ID CSCth36592 It is a problem.A large amount by a third party LAN-to-LAN (L2L) IPsec Service disruption through session (DoS) There is a possibility of being put into a state. The vulnerabilities include multiple denial-of-service vulnerabilities, a security-bypass vulnerability, and an information-disclosure vulnerability.
Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
2) An error when handling TELNET connections can be exploited to
bypass certain access restrictions by connecting to the lowest
security level interface.
Successful exploitation of this vulnerability requires valid
credentials.
3) An error when handling unspecified IPSEC traffic can be exploited
to cause a device to crash via a high volume of traffic.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
5) An error when handling packets during device startup can be
exploited to bypass configured access restrictions.
6) An error when handling Online Certificate Status Protocol (OCSP)
connection failures can be exploited by OCSP responders to exhaust
TCP sockets by rejecting connection attempts.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
10) An error within SIP inspection can be exploited to crash a device
via a high volume of calls (greater than 600).
11) An error in the Mobile User Security (MUS) service when handling
HTTP requests from a Web Security Appliance (WSA) can be exploited to
bypass authentication via a HEAD request.
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0305 | CVE-2010-4691 | Cisco Adaptive Security Appliances Service disruption on devices (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via multicast traffic, aka Bug IDs CSCtg61810 and CSCtg69742. The problem is Bug ID CSCtg61810 and CSCtg69742 It is a problem.Denial of service by a third party via multicast traffic (DoS) There is a possibility of being put into a state. The vulnerabilities include multiple denial-of-service vulnerabilities, a security-bypass vulnerability, and an information-disclosure vulnerability.
Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
2) An error when handling TELNET connections can be exploited to
bypass certain access restrictions by connecting to the lowest
security level interface.
Successful exploitation of this vulnerability requires valid
credentials.
3) An error when handling unspecified IPSEC traffic can be exploited
to cause a device to crash via a high volume of traffic.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
5) An error when handling packets during device startup can be
exploited to bypass configured access restrictions.
6) An error when handling Online Certificate Status Protocol (OCSP)
connection failures can be exploited by OCSP responders to exhaust
TCP sockets by rejecting connection attempts.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
10) An error within SIP inspection can be exploited to crash a device
via a high volume of calls (greater than 600).
11) An error in the Mobile User Security (MUS) service when handling
HTTP requests from a Web Security Appliance (WSA) can be exploited to
bypass authentication via a HEAD request.
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0314 | CVE-2010-4670 |
Cisco ASA 5500 Series IPv6 of ND Service disruption in protocol implementation (DoS) Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201101-0731 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier, and Cisco PIX Security Appliances devices, allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti24526. The problem is Bug ID CSCti24526 It is a problem.A large amount of different source addresses by a third party RA Interfering with service operation by sending a message (CPU Resource consumption and device hangs ) There is a possibility of being put into a state. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. Multiple vendors' products are prone to an IPv6-related denial-of-service vulnerability.
A remote attacker can exploit this issue to make affected computers and devices unresponsive, denying service to legitimate users. This security advisory is released because Microsoft doesnt want to fix
the issue. Cisco did for its IOS and ASA within 3 months.
________________________________________________________________________
Title: ICMPv6 Router Announcement flooding denial of service affecting
multiple systems
Date: 05 April 2011
URL: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt
________________________________________________________________________
Vendors: Cisco, Juniper, Microsoft, FreeBSD
Affected Products: All Cisco IOS ASA with firmware < November 2010
All Netscreen versions
All Windows versions
All FreeBSD version
Vulnerability: ICMPv6 Router Announcement flooding denial of service
Severity: 7.8 (CVE CVSS Score), local network
CVEs: CVE-2010-4670, CVE-2010-4671, CVE-2010-4669
________________________________________________________________________
Update Section:
05 April 2011
Initial release
________________________________________________________________________
Overview:
When flooding the local network with random router advertisements,
hosts and routers update the network information, consuming all
available CPU resources, making the systems unusable and unresponsive.
As IPv6 and autoconfiguration are enabled by default, all are
affected in their default configuration.
For Windows, a personal firewall or similar security product does not
protect against this attack.
Note: Microsoft does not want to fix this security issue for their
products.
Impact:
Updating the routing tables and configuring IPv6 addresses take up
all available CPU resources.
Routers and firewalls do not forward traffic.
The denial of service is in affect until the flooding is terminated.
The exact impact differs from the affected system type:
Cisco: 100% traffic loss with autconfiguration active, 80% without.
Netscreen: Only affected when the interface is configured as host, traffic
is forwarded until the neighbor information times out, then the traffic
is lost
Windows: 100% CPU, 100% RAM
FreeBSD: 100% CPU, additionally IPv6 support can be lost until reboot
occasionally.
Old Linux kernels are also affected, detailed version information unknown.
Description:
On IPv6 networks, hosts automatically find out about available
routers via ICMPv6 router announcements which are sent by the
routers. Additionally, router announcemens are used to replace
DHCP by the so called autoconfiguration feature.
Windows and FreeBSD - like all modern operating systems - enable
IPv6 and autoconfiguration by default and are thereby vulnerable.
A personal firewall will not protect against this attack.
If a system receives a router announcement of a new router, it
updates its routing table with the new router, and if the
autoconfiguration flag is set on the announcement (and the host
is configured to configure its IPv6 address by this mechanism),
the host chooses an IPv6 address from the announced network space.
If a network is flooded with random router announcements, systems
scramble to update their routing tables and configure IPv6
addresses.
Exploit:
Flood the network with router advertisements coming from different
routers and announcing different network prefixes.
A tool to test for this vulnerability is included in the thc-ipv6
package, called flood_router6.
Solution:
Cisco: IOS fix CSCti24526 , ASA fix CSCti33534
Linux: fixed prior 2010
Netscreen: Juniper waiting for IETF results for how to fix the issue
FreeBSD: unknown
Windows: Microsoft made clear that they do not plan to issue a
fix for this security issue.
Workaround:
The procession of router announcements must be disabled.
Please consult your system manual on how to this for your
affected platform.
Alternatively, disable IPv6.
________________________________________________________________________
Vendor communication:
10 July 2010 Microsoft informed
10 July 2010 Cisco informed
01 August 2010 Cisco confirms problem, announces fix for October
12 August 2010 Microsoft confirms vulnerability, states no fix
will be supplied.
22 November 2010 Cisco confirms fixes are available and started to
be deployed in current firmwares
28 December 2010 vendor-sec informed (among other issues)
05 February 2011 FreeBSD informed (made aware via vendor-sec 5 weeks
before)
20 February 2011 Juniper informed
09 March 2011 Juniper confirms problem
01 April 2011 Juniper informs that they work with the IETF to
develop a standard method to cope with this and
similar attacks.
________________________________________________________________________
Contact:
Marc Heuse
mh@mh-sec.de
http://www.mh-sec.de
________________________________________________________________________
The information provided is released "as is" without warranty of
any kind. The publisher disclaims all warranties, either express or
implied, including all warranties of merchantability.
No responsibility is taken for the correctness of this information.
In no event shall the publisher be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of
business profits or special damages, even if the publisher has been
advised of the possibility of such damages.
The contents of this advisory is copyright (c) 2010,2011 by Marc Heuse
and may be distributed freely provided that no fee is charged for
the distribution and proper credit is given.
________________________________________________________________________
--
Marc Heuse
www.mh-sec.de
PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A
| VAR-201101-0315 | CVE-2010-4671 |
Cisco IOS of Neighbor Discovery Service disruption in protocol implementation (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201101-0731 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534. Cisco IOS of IPv6 In the stack Neighbor Discovery Protocol implementation includes service disruption (DoS) There is a vulnerability that becomes a condition. Multiple vendors' products are prone to an IPv6-related denial-of-service vulnerability.
A remote attacker can exploit this issue to make affected computers and devices unresponsive, denying service to legitimate users. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. This security advisory is released because Microsoft doesnt want to fix
the issue. Cisco did for its IOS and ASA within 3 months.
________________________________________________________________________
Title: ICMPv6 Router Announcement flooding denial of service affecting
multiple systems
Date: 05 April 2011
URL: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt
________________________________________________________________________
Vendors: Cisco, Juniper, Microsoft, FreeBSD
Affected Products: All Cisco IOS ASA with firmware < November 2010
All Netscreen versions
All Windows versions
All FreeBSD version
Vulnerability: ICMPv6 Router Announcement flooding denial of service
Severity: 7.8 (CVE CVSS Score), local network
CVEs: CVE-2010-4670, CVE-2010-4671, CVE-2010-4669
________________________________________________________________________
Update Section:
05 April 2011
Initial release
________________________________________________________________________
Overview:
When flooding the local network with random router advertisements,
hosts and routers update the network information, consuming all
available CPU resources, making the systems unusable and unresponsive.
As IPv6 and autoconfiguration are enabled by default, all are
affected in their default configuration.
For Windows, a personal firewall or similar security product does not
protect against this attack.
Note: Microsoft does not want to fix this security issue for their
products.
Impact:
Updating the routing tables and configuring IPv6 addresses take up
all available CPU resources.
Routers and firewalls do not forward traffic.
The denial of service is in affect until the flooding is terminated.
The exact impact differs from the affected system type:
Cisco: 100% traffic loss with autconfiguration active, 80% without.
Netscreen: Only affected when the interface is configured as host, traffic
is forwarded until the neighbor information times out, then the traffic
is lost
Windows: 100% CPU, 100% RAM
FreeBSD: 100% CPU, additionally IPv6 support can be lost until reboot
occasionally.
Old Linux kernels are also affected, detailed version information unknown.
Description:
On IPv6 networks, hosts automatically find out about available
routers via ICMPv6 router announcements which are sent by the
routers. Additionally, router announcemens are used to replace
DHCP by the so called autoconfiguration feature.
Windows and FreeBSD - like all modern operating systems - enable
IPv6 and autoconfiguration by default and are thereby vulnerable.
A personal firewall will not protect against this attack.
If a system receives a router announcement of a new router, it
updates its routing table with the new router, and if the
autoconfiguration flag is set on the announcement (and the host
is configured to configure its IPv6 address by this mechanism),
the host chooses an IPv6 address from the announced network space.
If a network is flooded with random router announcements, systems
scramble to update their routing tables and configure IPv6
addresses.
Exploit:
Flood the network with router advertisements coming from different
routers and announcing different network prefixes.
A tool to test for this vulnerability is included in the thc-ipv6
package, called flood_router6.
Solution:
Cisco: IOS fix CSCti24526 , ASA fix CSCti33534
Linux: fixed prior 2010
Netscreen: Juniper waiting for IETF results for how to fix the issue
FreeBSD: unknown
Windows: Microsoft made clear that they do not plan to issue a
fix for this security issue.
Workaround:
The procession of router announcements must be disabled.
Please consult your system manual on how to this for your
affected platform.
Alternatively, disable IPv6.
________________________________________________________________________
Vendor communication:
10 July 2010 Microsoft informed
10 July 2010 Cisco informed
01 August 2010 Cisco confirms problem, announces fix for October
12 August 2010 Microsoft confirms vulnerability, states no fix
will be supplied.
22 November 2010 Cisco confirms fixes are available and started to
be deployed in current firmwares
28 December 2010 vendor-sec informed (among other issues)
05 February 2011 FreeBSD informed (made aware via vendor-sec 5 weeks
before)
20 February 2011 Juniper informed
09 March 2011 Juniper confirms problem
01 April 2011 Juniper informs that they work with the IETF to
develop a standard method to cope with this and
similar attacks.
________________________________________________________________________
Contact:
Marc Heuse
mh@mh-sec.de
http://www.mh-sec.de
________________________________________________________________________
The information provided is released "as is" without warranty of
any kind. The publisher disclaims all warranties, either express or
implied, including all warranties of merchantability.
No responsibility is taken for the correctness of this information.
In no event shall the publisher be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of
business profits or special damages, even if the publisher has been
advised of the possibility of such damages.
The contents of this advisory is copyright (c) 2010,2011 by Marc Heuse
and may be distributed freely provided that no fee is charged for
the distribution and proper credit is given.
________________________________________________________________________
--
Marc Heuse
www.mh-sec.de
PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A
. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco IOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42917
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42917/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42917
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42917/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42917/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42917
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco IOS, which can be
exploited by malicious users to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when processing certain IRC traffic can be exploited to
cause a device reload by accessing an IRC channel within 36 hours of
a reload.
2) An error in the CME (Communication Manager Express) component when
handling a SNR number change menu from an extension mobility phone can
be exploited to crash the device.
3) A memory leak when processing UDP SIP REGISTER packets can be
exploited to exhaust memory resources via a specially crafted SIP
packet.
4) An error in the PKI implementation does not clear the public key
cache for the peers when the certificate map is changed. This can be
exploited to reconnect and bypass the certificate ban.
5) A memory fragmentation error in the CME (Communication Manager
Express) component when handling SIP TRUNK traffic can be exploited
to exhaust memory resources via specially crafted SIP packets.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0317 | CVE-2010-4673 | Cisco Adaptive Security Appliances Denial of service on device (DoS) Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow remote attackers to cause a denial of service via a flood of packets, aka Bug ID CSCtg06316. The problem is Bug ID CSCtg06316 Problem.By a third party, Denial of service via packet flood (DoS) May be in a state.
An attacker can exploit these issues to cause denial-of-service conditions.
These issues are being tracked by Cisco bug IDs CSCtg06316 and CSCtg63992
| VAR-201101-0328 | CVE-2010-4674 | Cisco ASA 5500 Service disruption in the series (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allows remote attackers to cause a denial of service (block exhaustion) via multicast traffic, aka Bug ID CSCtg63992. The problem is Bug ID CSCtg63992 It is a problem.Denial of service by a third party via multicast traffic ( Block depletion ) There is a possibility of being put into a state. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services.
An attacker can exploit these issues to cause denial-of-service conditions.
These issues are being tracked by Cisco bug IDs CSCtg06316 and CSCtg63992. A remote attacker can cause denial of service (block consumption) with the help of multicast communication. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multicast Traffic Denial of Service
SECUNIA ADVISORY ID:
SA42942
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42942/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42942
RELEASE DATE:
2011-01-17
DISCUSS ADVISORY:
http://secunia.com/advisories/42942/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42942/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42942
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Cisco ASA (Adaptive Security
Appliance) 5500 Series, which can be exploited by malicious people to
cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error when handling
multicast traffic and can be exploited to exhaust certain resources
(1550 blocks).
The vulnerability is reported in version 8.2(4) and prior.
SOLUTION:
Restrict access to trusted hosts only (e.g. via network access
control lists).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0329 | CVE-2010-4675 |
Cisco Adaptive Security Appliances Service disruption on devices (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201101-0413 |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access restrictions via vectors involving the "lowest security level interface," aka Bug ID CSCsv40504. The problem is Bug ID CSCsv40504 It is a problem.Service disruption by remotely authenticated user (DoS) There is a possibility of being put into a state. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
Successful exploitation of this vulnerability requires valid
credentials.
3) An error when handling unspecified IPSEC traffic can be exploited
to cause a device to crash via a high volume of traffic.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
5) An error when handling packets during device startup can be
exploited to bypass configured access restrictions.
6) An error when handling Online Certificate Status Protocol (OCSP)
connection failures can be exploited by OCSP responders to exhaust
TCP sockets by rejecting connection attempts.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
10) An error within SIP inspection can be exploited to crash a device
via a high volume of calls (greater than 600).
11) An error in the Mobile User Security (MUS) service when handling
HTTP requests from a Web Security Appliance (WSA) can be exploited to
bypass authentication via a HEAD request.
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0316 | CVE-2010-4672 |
Cisco Adaptive Security Appliances Service disruption on devices (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201101-0413 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow remote attackers to cause a denial of service (block exhaustion) via EIGRP traffic that triggers an EIGRP multicast storm, aka Bug ID CSCtf20269. Cisco Adaptive Security Appliances (ASA) Device has a service disruption (DoS) There is a vulnerability that becomes a condition. The problem is Bug IDs CSCtf20269 It is a problem.By a third party EIGRP Through traffic EIGRP Multicast storm is triggered and service operation is interrupted (DoS) There is a possibility of being put into a state. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
2) An error when handling TELNET connections can be exploited to
bypass certain access restrictions by connecting to the lowest
security level interface.
Successful exploitation of this vulnerability requires valid
credentials.
3) An error when handling unspecified IPSEC traffic can be exploited
to cause a device to crash via a high volume of traffic.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
5) An error when handling packets during device startup can be
exploited to bypass configured access restrictions.
6) An error when handling Online Certificate Status Protocol (OCSP)
connection failures can be exploited by OCSP responders to exhaust
TCP sockets by rejecting connection attempts.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
10) An error within SIP inspection can be exploited to crash a device
via a high volume of calls (greater than 600).
11) An error in the Mobile User Security (MUS) service when handling
HTTP requests from a Web Security Appliance (WSA) can be exploited to
bypass authentication via a HEAD request.
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0330 | CVE-2010-4676 |
Cisco Adaptive Security Appliances Service disruption on devices (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201101-0413 |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote authenticated users to cause a denial of service (device crash) via a high volume of IPsec traffic, aka Bug ID CSCsx52748. The problem is Bug ID CSCsx52748 It is a problem.Remotely authenticated users can IPsec Service disruption through traffic (DoS) There is a possibility of being put into a state. Cisco ASA 5500 series appliances are prone to multiple remote vulnerabilities, including:
Multiple security-bypass vulnerabilities
Multiple denial-of-service vulnerabilities
Attackers can exploit these issues to cause denial-of-service conditions or bypass certain security restrictions. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
2) An error when handling TELNET connections can be exploited to
bypass certain access restrictions by connecting to the lowest
security level interface.
Successful exploitation of this vulnerability requires valid
credentials.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
5) An error when handling packets during device startup can be
exploited to bypass configured access restrictions.
6) An error when handling Online Certificate Status Protocol (OCSP)
connection failures can be exploited by OCSP responders to exhaust
TCP sockets by rejecting connection attempts.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
10) An error within SIP inspection can be exploited to crash a device
via a high volume of calls (greater than 600).
11) An error in the Mobile User Security (MUS) service when handling
HTTP requests from a Web Security Appliance (WSA) can be exploited to
bypass authentication via a HEAD request.
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0310 | CVE-2010-4677 |
Cisco Adaptive Security Appliances Runs on the device emWEB Service disruption in (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201101-0413 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (daemon crash) via a request for a document whose name contains space characters, aka Bug ID CSCsy08416. Cisco Adaptive Security Appliances Runs on the device emWEB There is a service disruption (DoS) There is a vulnerability that becomes a condition. The problem is Bug ID CSCsy08416 It is a problem.Denial of service operation by a third party through a request for a document that contains a space in the file name (DoS) There is a possibility of being put into a state. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
2) An error when handling TELNET connections can be exploited to
bypass certain access restrictions by connecting to the lowest
security level interface.
Successful exploitation of this vulnerability requires valid
credentials.
3) An error when handling unspecified IPSEC traffic can be exploited
to cause a device to crash via a high volume of traffic.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
5) An error when handling packets during device startup can be
exploited to bypass configured access restrictions.
6) An error when handling Online Certificate Status Protocol (OCSP)
connection failures can be exploited by OCSP responders to exhaust
TCP sockets by rejecting connection attempts.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
10) An error within SIP inspection can be exploited to crash a device
via a high volume of calls (greater than 600).
11) An error in the Mobile User Security (MUS) service when handling
HTTP requests from a Web Security Appliance (WSA) can be exploited to
bypass authentication via a HEAD request.
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0313 | CVE-2010-4680 |
Cisco Adaptive Security Appliances Device WebVPN Vulnerabilities that prevent access restrictions in the implementation
Related entries in the VARIoT exploits database: VAR-E-201101-0413 |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, aka Bug ID CSCsz80777. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
2) An error when handling TELNET connections can be exploited to
bypass certain access restrictions by connecting to the lowest
security level interface.
Successful exploitation of this vulnerability requires valid
credentials.
3) An error when handling unspecified IPSEC traffic can be exploited
to cause a device to crash via a high volume of traffic.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
5) An error when handling packets during device startup can be
exploited to bypass configured access restrictions.
6) An error when handling Online Certificate Status Protocol (OCSP)
connection failures can be exploited by OCSP responders to exhaust
TCP sockets by rejecting connection attempts.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
10) An error within SIP inspection can be exploited to crash a device
via a high volume of calls (greater than 600).
11) An error in the Mobile User Security (MUS) service when handling
HTTP requests from a Web Security Appliance (WSA) can be exploited to
bypass authentication via a HEAD request.
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201101-0312 | CVE-2010-4679 |
Cisco Adaptive Security Appliances Service disruption on devices (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201101-0413 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP socket exhaustion) by rejecting connection attempts, aka Bug ID CSCsz36816. The problem is Bug ID CSCsz36816 It is a problem.remote OCSP Service disruption due to rejection of connection attempt by responder (DoS) There is a possibility of being put into a state. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. Cisco ASA 5500 series appliances are prone to multiple remote vulnerabilities, including:
Multiple security-bypass vulnerabilities
Multiple denial-of-service vulnerabilities
Attackers can exploit these issues to cause denial-of-service conditions or bypass certain security restrictions. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco ASA 5500 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42931
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42931/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
RELEASE DATE:
2011-01-18
DISCUSS ADVISORY:
http://secunia.com/advisories/42931/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42931/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42931
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco ASA (Adaptive
Security Appliance) 5500 Series, which can be exploited by malicious
users and malicious people to bypass certain security restrictions
and by malicious people to cause a DoS (Denial of Service).
1) An error when handling EIGRP multicast traffic can be exploited to
exhaust certain system resources.
2) An error when handling TELNET connections can be exploited to
bypass certain access restrictions by connecting to the lowest
security level interface.
Successful exploitation of this vulnerability requires valid
credentials.
3) An error when handling unspecified IPSEC traffic can be exploited
to cause a device to crash via a high volume of traffic.
4) An error in emWEB when handling filename requests can be exploited
to crash the daemon by requesting a filename containing white space
characters.
5) An error when handling packets during device startup can be
exploited to bypass configured access restrictions.
7) An error in the WebVPN implementation when handling CIFS
connections can be exploited to access a share via certain CIFS
requests.
Successful exploitation of this vulnerability requires valid
credentials and CIFS file browsing to be disabled.
8) An error within SMTP inspection can be exploited to bypass the
inspection via prepended space characters.
9) An error when handling LDAP connections can be exploited to
exhaust memory resources via invalid authentication attempts.
10) An error within SIP inspection can be exploited to crash a device
via a high volume of calls (greater than 600).
11) An error in the Mobile User Security (MUS) service when handling
HTTP requests from a Web Security Appliance (WSA) can be exploited to
bypass authentication via a HEAD request.
12) An error when handling unspecified multicast traffic can be
exploited to crash a device.
13) An error when handling LAN-to-LAN (L2L) IPSEC sessions can be
exploited to crash a device via a high volume of sessions (greater
than 10000).
The vulnerabilities are reported in versions prior to 8.2(4) and
8.3(2).
SOLUTION:
Update to versions 8.2(4) and 8.3(2).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------