|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA11324] Cisco IPSec VPN Services Module Denial of Service Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Fri Apr 09 2004 - 04:48:31 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Cisco IPSec VPN Services Module Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA11324
VERIFY ADVISORY:
http://secunia.com/advisories/11324/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
Cisco IPSec VPN Services Module
DESCRIPTION:
Cisco has confirmed a vulnerability in VPNSM, which can be exploited
by malicious people to cause a DoS (Denial of Service).
The problem is that Cisco Catalyst 6500 Series Switch and Cisco 7600
Series Internet Router with the IPSec VPN Services Module (VPNSM) may
crash and reload when receiving a malformed IKE packet.
Systems with VPNSM and the following Cisco IOS versions are
affected:
* 12.2SXA
* 12.2SXB
* 12.2SY
SOLUTION:
Updates are available.
http://www.cisco.com/tacpage/library/12.2/index.shtml
For Cisco IOS 12.2SXA update to:
12.2(17b)SXA
For Cisco IOS 12.2SXB update to:
12.2(17d)SXB
For Cisco IOS 12.2SY update to:
12.2(14)SY03
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
Cisco IPSec VPN Services Module Malformed IKE Packet Vulnerability:
http://www.cisco.com/warp/public/707/cisco-sa-20040408-vpnsm.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]