|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA10433] Cisco Firewall Services Module Denial of Service Vulnerabilities
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Mon Dec 15 2003 - 11:57:27 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Cisco Firewall Services Module Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA10433
VERIFY ADVISORY:
http://www.secunia.com/advisories/10433/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
Cisco Firewall Services Module (FWSM) 1.x
DESCRIPTION:
Cisco has reported two vulnerabilities in the Cisco Firewall Services
Module (FWSM) for Catalyst 6500 series and 7600 series, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to an unspecified error when
processing SNMPv3 messages, and a boundary error when processing HTTP
traffic requests for authentication using TACACS+ or RADIUS.
Successful exploitation of the vulnerabilities crashes and reloads a
vulnerable device.
The vulnerabilities affect version 1.1.2 and prior.
SOLUTION:
Update to version 1.1.3 or later.
See "Other References" section for a procedure to upgrade to a fixed
software version.
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20031215-fwsm.shtml
OTHER REFERENCES:
Upgrade Procedure:
http://www.cisco.com/en/US/products/hw/routers/ps368/products_module_configuration_guide_chapter09186a0080159caa.html#1047362
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://www.secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]