lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <201603090802.6.csc@psirt.cisco.com>
Date: Wed,  9 Mar 2016 08:02:27 -0800
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability

Advisory ID: cisco-sa-20160309-csc

Revision 1.0

For Public Release 2016 March 09 16:00  GMT (UTC)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the HTTPS inspection engine of the Cisco ASA Content Security and Control Security Services Module (CSC-SSM) could allow an unauthenticated, remote attacker to cause exhaustion of available memory, system instability, and a reload of the affected system.

The vulnerability is due to improper handling of HTTPS packets transiting through the affected system. An attacker could exploit this vulnerability by sending HTTPS packets through the affected system at high rate. 

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-csc


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJW4CazAAoJEK89gD3EAJB5o5YQAMQYMbfDew3kqQ9ntfXBuySb
suvOc20TJ+/mOJ+nbxa/afXaTh3wYIdgVBoGT8ekxGm4X5KZPVfJ5clV6HFxNRNd
M5C+EFXPL3396k9ec3lipGGR2a4wzLKoQY9sKjeNyY3Nq1pumTTY3iPcltMEDfaN
VM5FrRJIdCCKEJvoLmdZa7vLkt9O3aqXKlJQuoHcYmYcTnUrF8Lc9KsO/A3CMDLk
EnTZrtXyiagNn3uB7nMYDiIwFMEFt+MJSIDh1Fr8Hpd/eRLv8nWetLvfuhfwdGmC
lREb/ozJB9pDrutxVV7DYUKEEakFdxeBBxGGwcUAIOY99RjBwvPZqw08rd3jNWI3
K7DTYptb2cOCMNMGaaUO3Ei2u4hpgL//Dv9Ug3wh87S6hThKriMvtRNL1895BxBP
HkNWrRVvJmczXo9AfY6XOIej4FbQ4Is13WyH/oR4X8vkuhD7ZcGsfQFK7e1d/Kw8
ShXr7bp+XhPBtOfKs4ETISZ9zREVlrKh7MKb4TJtFIKSIQ/WKXvFALWXDBEAueO8
r+ngNmHzTzpcG2laL8t/M2dxRKL6Dl9zK5LhsqbrgLHi/9d/iAlid65ri4R+hcao
UcOfLsO+ag9gpLc4eeoJOFGy7Vzfss712B/gqW8DKXFo0yhf0YWBQeDTNO6DOpeZ
hckk5kAkrcFSBoJowmC1
=K437
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ