lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <201608311210.6.spa@psirt.cisco.com>
Date: Wed, 31 Aug 2016 12:10:55 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability

Advisory ID: cisco-sa-20160831-spa

Revision 1.0

For Public Release: 2016 August 31 16:00  GMT

+-------------------------------------------------------------------------

Summary
=======

A vulnerability in the HTTP framework of Cisco Small Business SPA300 Series IP Phones, Cisco Small Business SPA500 Series IP Phones, and Cisco SPA51x IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to incorrect handling of malformed HTTP traffic. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. An exploit could allow the attacker to deny service continually by sending crafted HTTP requests to a phone, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-spa
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXxj/MAAoJEK89gD3EAJB5fiQP/iXbjAHIcxAZFq/nuKfScFTR
Tukk4gfyLP6SA8LJwHPEKGPeUrc/u5yC/UtqEUGEVGivI3THG+o/cQllS9Gry8Px
S4/2YwuLrihii68jEB4FqKrLrv+t8TpsQKTz9D//RiHeQ5GLQ1NIDliRA2y3jh3k
yG4txfpOrOjm5flIsL7nEdYt7eGqtJaJt5bfrBv2GFkpD3rGhKcKKYhV9sfisZe7
CVTcePwVvLSGd5ClkRbVJ0xDhMT9fCb9tsi1FUaMZwjL0t5UkWfdUpi3KjHxql7r
GZTBCOmcJ2ALMfK+mFTTT0TvlfogZs0vRo6PPKmYh57LDQ/sOZlrwBN4hw+2gOK+
wW9uQZMPixo1k7CL7NKbo/Vetm43x0yHJqWffgv5AGHX1RwLLR4Ccf1/PoQqBsh0
fKHdoXjvvLBubC6mvKvG99s8q63whlAz9OwhrJ/J4r9J/lLajarKyp2nJEa0ox7l
Ji8rI+o+EdlBpT8kufhlZjs5ute7l27QOFxsy4YMZnTAgEO3M39fMlW8jnVEBnxI
pKfgQJ+g/8jwSx3tHtzZA7OjjOP+F4Dj5TC1qcADrIHrk84ok2xojWqhTJZvO6yt
obvtQstJtoVtCyNZxKaMKJzWaVkiB8fEI7aMGk82ioCV+SytMMKbMxdxhDlxq0dU
kXBRTHvADTwjYYTunD6x
=bB6A
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ