lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 25 Jan 2017 11:33:17 -0500
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability

Advisory ID: cisco-sa-20170125-cas

Revision 1.0

For Public Release 2017 January 25 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the data plane IP fragment handler of the Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition.

Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-cas

-----BEGIN PGP SIGNATURE-----

iQIVAwUBWIeDV689gD3EAJB5AQJ5Zg//a3dCro6pWqKHfveTah65APzs2XpMIMIk
3D7dKxnm1d6g0TKOI+lGcqDlgTnApDGJNAtAxhYqFN+w/RofPHTY5FzRZHzoikYc
d3rWZkPmLPld/WjdTq+yHH0yFC/fyjYE9jFRD96uV3AyCWJZbX3931mAotJp4YKL
McteDcw1tzZkoR5uOmbks6pzBbS70ZxYZ6o2fz9MhdIbBK9OfMp61sfIRGF/L8n9
Jbyc+Boqru29lTjwmWmeMq39G+gAm6QQxTKA0yiIq43RrHrDc+jGCW3jXQ58ptYn
geG5xQngqWSI/0/2q4R5GHmVXbprrWu4jvdYcM8z9FRi03wYkivMbLjAP0k41oX3
OQOIsR0frAxtAhmjQ62njOMbmWPVwyCxr+NKacQl0VfyXubiyGWVsM+APu3Kxowo
hlCKHnV+J1/8I9yx8rqUe8kqdoNM9edMUUC9M2DP5oscG76kP9sIfu8ZujHxwmsd
ehp64NTrYfWLDLvlhCvkSli/74wfC7fjou/lLatqZd2l9Q17wBhhd0/Sq8DMNw6U
1NZgT/WKDq35nOPwmVYm1JyClhMx0bmbxCGwRICDTjW+kWZKQV16Bm4lOeHFKoPq
LtS5DI8l4oJHa91g25BIkEP3A5GH57k6drPi1UaCaXPO2Vk2/ea04roPpJSY/g5Y
4PRK9X5DKrU=
=780F
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ