They don't come out often but it happens. Looks like there were 5 or 6 of them.
James

-----Original Message-----
From: "rw...@ropeguru.com" <rw...@ropeguru.com>
Date: Wed, 26 Mar 2014 12:45:18
To: <ps...@cisco.com>; <nanog@nanog.org>
Reply-To: Robert Webb <rw...@ropeguru.com>
Subject: Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability

Is this normal for the list to directly get Cisco security advisories or something new? First time I have seen these.

Robert

On Wed, 26 Mar 2014 12:10:00 -0400 Cisco Systems Product Security Incident Response Team <ps...@cisco.com> wrote:
> Cisco IOS Software SSL VPN Denial of Service Vulnerability
>
> Advisory ID: cisco-sa-20140326-ios-sslvpn
>
> Revision 1.0
>
> For Public Release 2014 March 26 16:00 UTC (GMT)
>
> Summary
> =======
>
> A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of
> Cisco IOS Software could allow an unauthenticated, remote attacker to
> cause a denial of service (DoS) condition.
>
> The vulnerability is due to a failure to process certain types of
> HTTP requests. To exploit the vulnerability, an attacker could submit
> crafted requests designed to consume memory to an affected device. An
> exploit could allow the attacker to consume and fragment memory on
> the affected device. This may cause reduced performance, a failure of
> certain processes, or a restart of the affected device.
>
> Cisco has released free software updates that address this
> vulnerability.
> There are no workarounds to mitigate this vulnerability.
>
> This advisory is available at the following link:
> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn
>
> Note: The March 26, 2014, Cisco IOS Software Security Advisory
> bundled publication includes six Cisco Security Advisories. All
> advisories address vulnerabilities in Cisco IOS Software. Each Cisco
> IOS Software Security Advisory lists the Cisco IOS Software releases
> that correct the vulnerability or vulnerabilities detailed in the
> advisory as well as the Cisco IOS Software releases that correct all
> Cisco IOS Software vulnerabilities in the March 2014 bundled
> publication.
>
> Individual publication links are in Cisco Event Response: Semiannual
> Cisco IOS Software Security Advisory Bundled Publication at the
> following link:
>
> http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html