lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed,  4 Nov 2015 11:03:55 -0500
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability

Advisory ID: cisco-sa-20151104-wsa1

Revision 1.0

For Public Release 2015 November 4 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the proxy cache functionality of Cisco AsyncOS for 
Cisco Web Security Appliance (WSA) could allow an unauthenticated, 
remote attacker to cause a denial of service (DoS) condition because 
the device runs out of system memory.

The vulnerability is due to improper memory operations by the affected 
software. The software fails to free a memory object when it retrieves 
data from the proxy server cache to terminate a TCP connection. An 
attacker could exploit this vulnerability by opening many proxy 
connections through the WSA. An exploit could allow the attacker to 
cause the WSA to stop passing traffic when enough memory is leaked.

Cisco has released software updates that address this vulnerability. 
A workaround that mitigates this vulnerability is also available.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa1

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVjU+cYpI1I6i1Mx3AQI+ww//RagxLWcIsbnUqMk4yZ0BZmSMjcpNqgUp
CLz5cIhCX3P4/6kK0mc1ad3o6LtqFeMCc0cooj6p83+CfeatAfdg8A65HrJ8Pp8S
5JimnhoAtMkAQUrUJJ0ch/mB4TMMhAGHSNnfBoleDhzn2Cc6uvk9MMNds5ERwU0z
HHRq+kpVSzawf9LJpWpauf1RulXxH5KgsuQ7eeSqCdRGPGrH5Eg3FyA4O0DrACf4
FlgTvjz2qcXiwneQtOZ/eTD7N18YNgh3c/IqIwjWTDTJCUmEXRNfgDjZFP0aDv9f
6qhDJh2D18Fdh+EA+Y0iVUXP6r7HJrASM2qAqqJPSoawheyCZx48+gi5+QB/p7Ds
M2MR6EgblF8DQcZHByMF7k8HCCMZEZu8PIqOwLQfI4v40qTTsKP4g4+IngdaGZ7h
dFkM+93cpk+GbZIc7ATaePxnzA9l6T77eSYnfxIxHPHSZShU43W4W+mubyZyjeEz
dwUPWv9Dm9uvZjH375aBmVFzxcdttXPSHq7iatpguEeojUGOl2kFRU4FYdPLx54b
B4AMxlkwq73vhCEgoHjQ+pLMo3ep9tMjegfs0TlRwCi3lh8fBCzUojdMSJaQS8+V
8ipBwfieLRKHIDH8cV6y1FFKMmKc5tvb5yvXJnbXO+kltDhC9SpjKtqFkY7P7gV4
EpOZS1OWeE8=
=jTdT
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ