[170437] in North American Network Operators' Group
Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of
daemon@ATHENA.MIT.EDU (cbr)
Thu Mar 27 11:02:49 2014
From: cbr <list@mass-distortion.net>
In-Reply-To: <CAEydrT8gw03wDWruY+_hxR+FA77V_fsAWMcRk7Q2Q3voA0oXeg@mail.gmail.com>
Date: Thu, 27 Mar 2014 09:02:17 -0600
To: kendrick eastes <keastes@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
For anyone who was subscribed to the old full-disclosure list ... Fyodor
of nmap has brought it back to life.
Infolink @ http://insecure.org/news/fulldisclosure/
Subscribe @ http://nmap.org/mailman/listinfo/fulldisclosure
On Mar 26, 2014, at 10:52 AM, kendrick eastes <keastes@gmail.com> wrote:
> The Full-disclosure mailing list was recently... retired, I guess cisco
> thought NANOG was the next best place.
>
>
> On Wed, Mar 26, 2014 at 10:45 AM, rwebb@ropeguru.com <rwebb@ropeguru.com> wrote:
>
>>
>> Is this normal for the list to directly get Cisco security advisories or
>> something new. First time I have seen these.
>>
>> Robert
>>
>>
>> On Wed, 26 Mar 2014 12:10:00 -0400
>> Cisco Systems Product Security Incident Response Team <psirt@cisco.com>
>> wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Cisco IOS Software SSL VPN Denial of Service Vulnerability
>>>
>>> Advisory ID: cisco-sa-20140326-ios-sslvpn
>>>
>>> Revision 1.0
>>>
>>> For Public Release 2014 March 26 16:00 UTC (GMT)
>>>
>>> Summary
>>> =======
>>>
>>> A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco
>>> IOS Software could allow an unauthenticated, remote attacker to cause a
>>> denial of service (DoS) condition.
>>>
>>> The vulnerability is due to a failure to process certain types of HTTP
>>> requests. To exploit the vulnerability, an attacker could submit crafted
>>> requests designed to consume memory to an affected device. An exploit could
>>> allow the attacker to consume and fragment memory on the affected device.
>>> This may cause reduced performance, a failure of certain processes, or a
>>> restart of the affected device.
>>>
>>> Cisco has released free software updates that address this vulnerability.
>>> There are no workarounds to mitigate this vulnerability.
>>>
>>> This advisory is available at the following link:
>>> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn
>>>
>>> Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled
>>> publication includes six Cisco Security Advisories. All advisories address
>>> vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security
>>> Advisory lists the Cisco IOS Software releases that correct the
>>> vulnerability or vulnerabilities detailed in the advisory as well as the
>>> Cisco IOS Software releases that correct all Cisco IOS Software
>>> vulnerabilities in the March 2014 bundled publication.
>>>
>>> Individual publication links are in Cisco Event Response: Semiannual
>>> Cisco IOS Software Security Advisory Bundled Publication at the following
>>> link:
>>>
>>> http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html