| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Jul 2016 15:25:48 -0400 From: Cisco Systems Product Security Incident Response Team <psirt@...co.com> To: bugtraq@...urityfocus.com Cc: psirt@...co.com Subject: Cisco Security Advisory: Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products Advisory ID: cisco-sa-20160721-asn1c Revision: 1.0 For Public Release: 2016 July 21 19:00 GMT +--------------------------------------------------------------------- Summary ======= A vulnerability in the ASN1C compiler by Objective Systems affects Cisco ASR 5000 devices running StarOS and Cisco Virtualized Packet Core (VPC) systems. The vulnerability could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or potentially execute arbitrary code. The vulnerability is due to unsafe code generation by the ASN1C compiler when creating ASN.1 translation functions that are subsequently included within affected Cisco products. An attacker could exploit this vulnerability by submitting a malicious Abstract Syntax Notation One (ASN.1) encoded message designed to trigger the issue to an affected function. US-CERT has released Vulnerability Note VU#790839 to document the issue. Cisco will release software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160721-asn1c -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJXkR+jAAoJEK89gD3EAJB5pDMQAOb/g5NPySkVBdpzDwjBFI58 u3tDBTRzvAVjleEW93WjHrEDtsq3exaUv9L2hdbwZrMvFFVqB1IVshfO9BMLDg7d An4jxh7uMRsGH7IGI95s032/8zD0RPqUeZ/eqh5kqV9r43N6UCSWIEsnXGGMnbZP KULIIzJYclG3f9q79wQ/kdTBc2KGHcTAAIaQogczXhUGEdFl7je/zQUrG91FB90O I5E8DvDe8UJYOWdGHQ64Er/LL+lfhmEyvBqKcWHo1eSYGLGn/5yVQPMFoMpwEcAi 9PeM1nCWEjc0kw/IyKTK3k54PbBwGjtwSTK659F6DsX6zqFcXPorcLtVQv+AyQ5o 6JeuQiBx6ab+qdrpruKB4AWXvvI1uE0TtYtH+pv8xyH30Z5r/aeb/Rum8zgehc/j 3G8Gr58gghMt34Hxt+nfropRiGRMl+8Saj8rpfdsLWgIO711vB3RCz7sOEggAvzp Th7KCga9G7uZNnmWy/NYm5MGk+h+bj1Nue5p8ZgPMqVwkRC9yQt5gzHWMlKSni6m HVyh41wicmoTrd44dOWr5pDXKvbQ7P/Me3ZcJxwZr/A57qHOdPNc0lwtzniIb1O8 rbAqG7gOWe9M78A8A8Bo3PV2e0XdeaCz4L8lzmR3Nnq8j5LORZjB6qKhR7oBtTpU 1s0pX/1fYtuQFO0uK5ah =S9PG -----END PGP SIGNATURE-----
Powered by blists - more mailing lists