lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <201601271116.6.waascifs@psirt.cisco.com>
Date: Wed, 27 Jan 2016 11:16:46 -0500
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Wide Area Application Service CIFS DoS Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Wide Area Application Service CIFS Denial of Service Vulnerability

Advisory ID: cisco-sa-20160127-waascifs

Revision 1.0

For Public Release 2016 January 27 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the Common Internet File System (CIFS) optimization 
feature of the Cisco Wide Area Application Service (WAAS) device could 
allow an unauthenticated, remote attacker to perform a resource
consumption attack which, could result in a complete denial of service 
(DoS) condition.
 
The vulnerability is due to insufficient flow handling of incoming CIFS 
traffic. An attacker could exploit this vulnerability by sending
malicious traffic designed to trigger the vulnerability. An exploit
could allow the attacker to cause a DoS condition by exhausting system 
buffering resources, resulting in a reload of the affected device.


This advisory is available at the following link: 

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-waascifs

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVqfRmq89gD3EAJB5AQJDDxAAn8gJTfbn8TEzTYDMNETTOy3xObGLUA6f
70wnslFvQz4hgV4J9Op6PC54PtEyuu9DE2w2cS2QfOGmIUN1zH1+/C7HSRCaS5xc
nYftgXwI/aW4bay9mUDi5ONiz/6akZrSQ9uJhsTvs+UWe0UmMy1UTeOUj738P8g4
pwjaMgSWoxp5uyHGfGg3fs5ZUIajb/VbpMMV55p3J267W/Hbq6JPOp7VkZ6IAF6p
q47BjgWzPLtTOTzlEce5U/QRrHD3nSCMp3o6jZEupJV+oX6UlrjFIEz/rYunlFDp
wzOsvl3qgzK4Nk9x3obmBbVCbYqJoRgEC8RBOHAFfs8cOrT3tKSTYhGdnfxt2+Nw
NbEV/6QoMDb6fQA45hTbL5wQxm4ZRkghMhynnfK4mZF6be/vySa5rywAOrTXmeqf
h2P7QxxcH2AW64nx8EN2sPnKQNVckwp6aOtAYAKsZGU3ig5OCNu6BzggVyvSrFHw
oD5UffKaWcmsKq7c+y3G8eyNep0wlmjZsai/TlrpKPMWyr5Tu/xD0SavJJXtu/o8
B+BF8xG8Fft60gE1hD6aWCYOna0MGYx6ElFIBxnOs69f7DREpvuEFunyUsrV0kL4
5+Zh1pL+G2thymron/FLZl98itQInoHhXCFlkjg3fz5CL/rZbeEkXNXDbK/Dh8ii
dc5T22b+OmA=
=76fK
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ