Thanks everyone for the replies. I guess since they are done so
infrequently, I was not a list member the last go around.
Robert
On Wed, 26 Mar 2014 12:58:44 -0400
Andrew Latham <lath...@gmail.com> wrote:
Robert
Perfectly normal, almost an announce list for issues like this.
On Wed, Mar 26, 2014 at 12:45 PM, rw...@ropeguru.com
<rw...@ropeguru.com> wrote:
Is this normal for the list to diretly get Cisco security advisories
or
something new. First time I have seen these.
Robert
On Wed, 26 Mar 2014 12:10:00 -0400
Cisco Systems Product Security Incident Response Team
<ps...@cisco.com>
wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco IOS Software SSL VPN Denial of Service Vulnerability
Advisory ID: cisco-sa-20140326-ios-sslvpn
Revision 1.0
For Public Release 2014 March 26 16:00 UTC (GMT)
Summary
=======
A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of
Cisco
IOS Software could allow an unauthenticated, remote attacker to
cause a
denial of service (DoS) condition.
The vulnerability is due to a failure to process certain types of
HTTP
requests. To exploit the vulnerability, an attacker could submit
crafted
requests designed to consume memory to an affected device. An
exploit could
allow the attacker to consume and fragment memory on the affected
device.
This may cause reduced performance, a failure of certain processes,
or a
restart of the affected device.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds to mitigate this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn
Note: The March 26, 2014, Cisco IOS Software Security Advisory
bundled
publication includes six Cisco Security Advisories. All advisories
address
vulnerabilities in Cisco IOS Software. Each Cisco IOS Software
Security
Advisory lists the Cisco IOS Software releases that correct the
vulnerability or vulnerabilities detailed in the advisory as well as
the
Cisco IOS Software releases that correct all Cisco IOS Software
vulnerabilities in the March 2014 bundled publication.
Individual publication links are in Cisco Event Response: Semiannual
Cisco
IOS Software Security Advisory Bundled Publication at the following
link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJTMeUtAAoJEIpI1I6i1Mx3BJ4P/Aytcbvaue49DkNDq0G+3C8+
mv2W8/1HeqSvrmbc8QUJrelPA1kfYXGSf+7VX9lpwTdKKPrMPpkso1WXA7tK2t5i
uiaqy8+KON/V3uFTjLhSBxZsMmSYws/uO8rV9oY7NLGfv2cwGztEbrKwz9g5Hsfc
X3TlEgPaX73a/xb92eP//+e31ZNCPw6NRKmUfi6v7YG38WNghT7lqtI7GVlHiAkd
atAqZ8NOyn7V+lHNjdOpAzFplo6R+GZCBfAFkEYuEU3dAAccMQbkaq6XgZAigycn
dko3EWzfa+I/4RHDrRIa/XAY6Ogrnp/jmaTm4sGF2aqQOASH7X/oDU4X6KnD6ixo
RicU1XeEsxgh5/FOf0wWo53BTcf/1nx34LkazZ6k6+jh8193IRWGb9J90E7S+/M8
2jbB8kwxuroH1qQ73jqguiuTC0eemPn2k5MS01ZAfcIEJPcA4OyTkuA/3tiISeYQ
0GesrJ3m7WOovFNSIq8v4WaTMcvZO9vHLZ/6BMcd4a+1uPnzPeR9rfI8JA2VA8Wd
EAjbKdWA/kPxbVop2ajRjYTl7uMN6/g9SFP/eBjWpAFLnUfE6n1b24cn9v26OQpB
ZxuMKA6eaeoT88KlouxudQcAgtpZZFzp4/ghWCy8q82WhHg4uDqw3R243rRxaBa7
RF3x0wYuErbbC7N9m1UH
=1Ixo
-----END PGP SIGNATURE-----
--
~ Andrew "lathama" Latham lath...@gmail.com http://lathama.net ~
