|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Thu Oct 18 2007 - 19:07:05 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,700 different Windows applications.
Request your account, the Secunia Network Software Inspector (NSI):
http://secunia.com/network_software_inspector/
----------------------------------------------------------------------
TITLE:
Cisco PIX and ASA TLS/MGCP Packet Processing Denial of Service
SECUNIA ADVISORY ID:
SA27193
VERIFY ADVISORY:
http://secunia.com/advisories/27193/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
OPERATING SYSTEM:
Cisco Adaptive Security Appliance (ASA) 8.x
http://secunia.com/product/16163/
Cisco Adaptive Security Appliance (ASA) 7.x
http://secunia.com/product/6115/
Cisco PIX 7.x
http://secunia.com/product/6102/
Cisco PIX 8.x
http://secunia.com/product/16164/
DESCRIPTION:
Cisco has acknowledged some vulnerabilities in Cisco PIX and ASA
appliances, which can be exploited by malicious people to cause a DoS
(Denial of Service).
1) An unspecified error exists within the handling of Transport Layer
Security (TLS) packets. This can be exploited to reload an affected
device by sending specially crafted TLS packets.
2) An unspecified error exists within the handling of Media Gateway
Control Protocol (MGCP) packets. This can be exploited to reload an
affected device by sending specially crafted MGCP packets.
Successful exploitation of this vulnerability requires that the MGCP
application layer protocol inspection is enabled (disabled by
default).
SOLUTION:
Apply updates (please see the vendor's advisory for details).
PIX:
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix?psrtdcat20e2
ASA:
http://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20071017-asa.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]