The Full-disclosure mailing list was recently... retired, I guess cisco thought NANOG was the next best place.
On Wed, Mar 26, 2014 at 10:45 AM, rw...@ropeguru.com <rw...@ropeguru.com>wrote: > > Is this normal for the list to diretly get Cisco security advisories or > something new. First time I have seen these. > > Robert > > > On Wed, 26 Mar 2014 12:10:00 -0400 > Cisco Systems Product Security Incident Response Team <ps...@cisco.com> > wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Cisco IOS Software SSL VPN Denial of Service Vulnerability >> >> Advisory ID: cisco-sa-20140326-ios-sslvpn >> >> Revision 1.0 >> >> For Public Release 2014 March 26 16:00 UTC (GMT) >> >> Summary >> ======= >> >> A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco >> IOS Software could allow an unauthenticated, remote attacker to cause a >> denial of service (DoS) condition. >> >> The vulnerability is due to a failure to process certain types of HTTP >> requests. To exploit the vulnerability, an attacker could submit crafted >> requests designed to consume memory to an affected device. An exploit could >> allow the attacker to consume and fragment memory on the affected device. >> This may cause reduced performance, a failure of certain processes, or a >> restart of the affected device. >> >> Cisco has released free software updates that address this vulnerability. >> There are no workarounds to mitigate this vulnerability. >> >> This advisory is available at the following link: >> http://tools.cisco.com/security/center/content/ >> CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn >> >> Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled >> publication includes six Cisco Security Advisories. All advisories address >> vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security >> Advisory lists the Cisco IOS Software releases that correct the >> vulnerability or vulnerabilities detailed in the advisory as well as the >> Cisco IOS Software releases that correct all Cisco IOS Software >> vulnerabilities in the March 2014 bundled publication. >> >> Individual publication links are in Cisco Event Response: Semiannual >> Cisco IOS Software Security Advisory Bundled Publication at the following >> link: >> >> http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG/MacGPG2 v2.0.22 (Darwin) >> Comment: GPGTools - http://gpgtools.org >> >> iQIcBAEBAgAGBQJTMeUtAAoJEIpI1I6i1Mx3BJ4P/Aytcbvaue49DkNDq0G+3C8+ >> mv2W8/1HeqSvrmbc8QUJrelPA1kfYXGSf+7VX9lpwTdKKPrMPpkso1WXA7tK2t5i >> uiaqy8+KON/V3uFTjLhSBxZsMmSYws/uO8rV9oY7NLGfv2cwGztEbrKwz9g5Hsfc >> X3TlEgPaX73a/xb92eP//+e31ZNCPw6NRKmUfi6v7YG38WNghT7lqtI7GVlHiAkd >> atAqZ8NOyn7V+lHNjdOpAzFplo6R+GZCBfAFkEYuEU3dAAccMQbkaq6XgZAigycn >> dko3EWzfa+I/4RHDrRIa/XAY6Ogrnp/jmaTm4sGF2aqQOASH7X/oDU4X6KnD6ixo >> RicU1XeEsxgh5/FOf0wWo53BTcf/1nx34LkazZ6k6+jh8193IRWGb9J90E7S+/M8 >> 2jbB8kwxuroH1qQ73jqguiuTC0eemPn2k5MS01ZAfcIEJPcA4OyTkuA/3tiISeYQ >> 0GesrJ3m7WOovFNSIq8v4WaTMcvZO9vHLZ/6BMcd4a+1uPnzPeR9rfI8JA2VA8Wd >> EAjbKdWA/kPxbVop2ajRjYTl7uMN6/g9SFP/eBjWpAFLnUfE6n1b24cn9v26OQpB >> ZxuMKA6eaeoT88KlouxudQcAgtpZZFzp4/ghWCy8q82WhHg4uDqw3R243rRxaBa7 >> RF3x0wYuErbbC7N9m1UH >> =1Ixo >> -----END PGP SIGNATURE----- >> >> > >
