For anyone who was subscribed to the old full-disclosure list ... Fydor of nmap has brought it back to life.
Infolink @ http://insecure.org/news/fulldisclosure/ Subscribe @ http://nmap.org/mailman/listinfo/fulldisclosure On Mar 26, 2014, at 10:52 AM, kendrick eastes <keas...@gmail.com> wrote: > The Full-disclosure mailing list was recently... retired, I guess cisco > thought NANOG was the next best place. > > > On Wed, Mar 26, 2014 at 10:45 AM, rw...@ropeguru.com > <rw...@ropeguru.com>wrote: > >> >> Is this normal for the list to diretly get Cisco security advisories or >> something new. First time I have seen these. >> >> Robert >> >> >> On Wed, 26 Mar 2014 12:10:00 -0400 >> Cisco Systems Product Security Incident Response Team <ps...@cisco.com> >> wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Cisco IOS Software SSL VPN Denial of Service Vulnerability >>> >>> Advisory ID: cisco-sa-20140326-ios-sslvpn >>> >>> Revision 1.0 >>> >>> For Public Release 2014 March 26 16:00 UTC (GMT) >>> >>> Summary >>> ======= >>> >>> A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco >>> IOS Software could allow an unauthenticated, remote attacker to cause a >>> denial of service (DoS) condition. >>> >>> The vulnerability is due to a failure to process certain types of HTTP >>> requests. To exploit the vulnerability, an attacker could submit crafted >>> requests designed to consume memory to an affected device. An exploit could >>> allow the attacker to consume and fragment memory on the affected device. >>> This may cause reduced performance, a failure of certain processes, or a >>> restart of the affected device. >>> >>> Cisco has released free software updates that address this vulnerability. >>> There are no workarounds to mitigate this vulnerability. >>> >>> This advisory is available at the following link: >>> http://tools.cisco.com/security/center/content/ >>> CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn >>> >>> Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled >>> publication includes six Cisco Security Advisories. All advisories address >>> vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security >>> Advisory lists the Cisco IOS Software releases that correct the >>> vulnerability or vulnerabilities detailed in the advisory as well as the >>> Cisco IOS Software releases that correct all Cisco IOS Software >>> vulnerabilities in the March 2014 bundled publication. >>> >>> Individual publication links are in Cisco Event Response: Semiannual >>> Cisco IOS Software Security Advisory Bundled Publication at the following >>> link: >>> >>> http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG/MacGPG2 v2.0.22 (Darwin) >>> Comment: GPGTools - http://gpgtools.org >>> >>> iQIcBAEBAgAGBQJTMeUtAAoJEIpI1I6i1Mx3BJ4P/Aytcbvaue49DkNDq0G+3C8+ >>> mv2W8/1HeqSvrmbc8QUJrelPA1kfYXGSf+7VX9lpwTdKKPrMPpkso1WXA7tK2t5i >>> uiaqy8+KON/V3uFTjLhSBxZsMmSYws/uO8rV9oY7NLGfv2cwGztEbrKwz9g5Hsfc >>> X3TlEgPaX73a/xb92eP//+e31ZNCPw6NRKmUfi6v7YG38WNghT7lqtI7GVlHiAkd >>> atAqZ8NOyn7V+lHNjdOpAzFplo6R+GZCBfAFkEYuEU3dAAccMQbkaq6XgZAigycn >>> dko3EWzfa+I/4RHDrRIa/XAY6Ogrnp/jmaTm4sGF2aqQOASH7X/oDU4X6KnD6ixo >>> RicU1XeEsxgh5/FOf0wWo53BTcf/1nx34LkazZ6k6+jh8193IRWGb9J90E7S+/M8 >>> 2jbB8kwxuroH1qQ73jqguiuTC0eemPn2k5MS01ZAfcIEJPcA4OyTkuA/3tiISeYQ >>> 0GesrJ3m7WOovFNSIq8v4WaTMcvZO9vHLZ/6BMcd4a+1uPnzPeR9rfI8JA2VA8Wd >>> EAjbKdWA/kPxbVop2ajRjYTl7uMN6/g9SFP/eBjWpAFLnUfE6n1b24cn9v26OQpB >>> ZxuMKA6eaeoT88KlouxudQcAgtpZZFzp4/ghWCy8q82WhHg4uDqw3R243rRxaBa7 >>> RF3x0wYuErbbC7N9m1UH >>> =1Ixo >>> -----END PGP SIGNATURE----- >>> >>> >> >>
signature.asc
Description: Message signed with OpenPGP using GPGMail
