| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <201611021201.6.tl1@psirt.cisco.com> Date: Wed, 2 Nov 2016 12:01:35 -0400 From: Cisco Systems Product Security Incident Response Team <psirt@...co.com> To: bugtraq@...urityfocus.com Cc: psirt@...co.com Subject: Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability Advisory ID: cisco-sa-20161102-tl1 Revision: 1.0 For Public Release 2016 November 2 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. The vulnerability exists because the affected software performs incomplete bounds checks on input data. An attacker could exploit this vulnerability by sending a malicious request to the TL1 port, which could cause the device to reload. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tl1 -----BEGIN PGP SIGNATURE----- iQIVAwUBWBlmqq89gD3EAJB5AQIECBAAg/G8Bb3ELSIv8KeppZZNvnNuZu5+JXSS TzFdDS2jpr9gC93a2+lkuSzQd4JGRf52u2LGrGSlAE8nf9KQOootz297+N55211t huxuaE04Xn+Wnqi+HMhAN7i/fAqPXvy1MGdwuDs2j7SjuoKXOBpIjyPVbAflI8zx jX6TTV/qBH8FYhozONXSAtxC5l3KT2IkCyu8Wt+fsCmQgnWEBR5lnKVmWOyX7+sm +/H2mvrd+C8qJnNmIvizDIMSIMRLZXCRodyTGYcQqmO9Swaiu5ucIHcPe6oVSJvh 68SmLD0W2YAxuXkgX7Pr+hJh4/oN22jRNJkrYWO6Niy9mNEyJljp3eGWKMpbKXK7 Qe3DHZ5ILjLD7hzoUTZYIBhHkQvmJbAbXMuuIrGDxKnIqS/1G5q2nCoC99Qb66IA +mOoY/eehJUOFyyfX56NtQuXA5NLrseHWVyGtecLzB55nxqQ+bpvdkYDjV/7fUPc M+jgtTO1AhNkqT36Sqr8x0R152L+j6LxBbhT7DGPWjywmleHBGjqRSqC6nfRV8oz joTb5MScXvUqM/oyAO5F60A0eHjY2Y32B/ABe+GfHqtnFFiyUdofWgtpH6QPETbO QTg5inydNDrqppAA+T5JG3LZJpSn7PuIJ60HWFSirmgAgpHXhe7yCi2+X+6y9Fp/ S0Sdoo9MXGA= =leRx -----END PGP SIGNATURE-----
Powered by blists - more mailing lists