lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <201511041104.6.wsa2@psirt.cisco.com>
Date: Wed,  4 Nov 2015 11:04:41 -0500
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Web Security Appliance Range Request Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Web Security Appliance Range Request Denial of Service Vulnerability

Advisory ID: cisco-sa-20151104-wsa2

Revision 1.0

For Public Release 2015 November 4 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the file-range request functionality of Cisco AsyncOS 
for Cisco Web Security Appliance (WSA) could allow an unauthenticated, 
remote attacker to cause a denial of service (DoS) condition on an 
appliance because the appliance runs out of system memory.

The vulnerability is due to a failure to free memory when a file range 
is requested through the Cisco WSA. An attacker could exploit this 
vulnerability by opening multiple connections that request file ranges 
through the WSA. A successful exploit could allow the attacker to cause 
the WSA to stop passing traffic when enough memory is used and not freed.

Cisco has released software updates that address this vulnerability. 
A workaround that mitigates this vulnerability is also available.

This advisory is available at the following link:

 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVjU+hopI1I6i1Mx3AQJRcg/+NIdwN6LOVr8XeSlK2mFK1ixg1ZbsyKeO
TCmiSNBpsGf0wHxPWY9qewUHMSkhxZaVvu7szc24EcA5bWbjuexc0scxRFLuU7Nm
LyDjmwRmKr/HVUvXg4wYnWT8y3VtijqVSTZSBnjskZGh4LO/095hZblYEas55Jzk
QfHuTH554H7IB6zYOoZdbEOCC0CNzl9AyGAuJAmrZ/udlaQs18nurJR9OSayAltM
7sTxH6SIqFyEy2/+8yqpvUEqMNocYqrEasLjbxR0o73vdlJ9wcOKtyPUpcEioRN3
7BqnYiqPurnBZt+CkBbu5ehgq+0wYdFyJfWyrzeNE9LRMD0SyJTrAu68Pvd0e6AS
0TlpCbiSdOrtLm7vl6v+pF6R3sg+Ve7I2v4w7GXjlZapdRN+vEJoObOk2KGot9kV
j3BKVy2RFwLgM+HJEvOCYNobQorb7+E72BkkBauBli8BE6pXI6mjvAxpADrYvv5r
fxL2enMX0MNtdUKxgV/t8QvAFiFxMf8bV3kfuqRUul+V/MPQF3nbubtebMQruDT+
3HhyoxwE1xV9HjEWOgrxpEwW/p4nxalF7RTbywbxllaHsMH8hhJYlyFmKL7jkRL8
VS8Oj6PX0P4MJX5TpCsMk8k0pjLYpnGsH+Jbl+CgkLA59DPeerBDhoBH45FbsCMn
80LINw5zqH8=
=TsjI
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ