Cisco published two new security advisories this evening.
Crypto Library
A vulnerability (CVE-2006-3894) in a third-party cryptography library used in several Cisco products can be exploited for a sustained denial-of-service (DoS) attack. An attacker who sends a malformed ASN.1 packet may crash the affected device, but the flaw is not believed to allow the device to be compromised. The affected products and their Cisco bug IDs are listed in Table 1 below; more detail is available on Cisco's web site.
| Cisco Bug ID | Affected product |
| --- | --- |
| CSCsd85587 | Cisco IOS |
| CSCsg41084 | Cisco IOS XR |
| CSCse91999 | Cisco PIX and ASA Security Appliances |
| CSCsi97695 | Cisco Firewall Services Module (FWSM) |
| CSCsg44348 | Cisco Unified CallManager |
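The advisory above says a malformed ASN.1 packet can crash the device. The following is an added example, not code from Cisco or from the affected library, showing the length checks a DER decoder has to make so that a malformed message is rejected with an error instead of crashing the process or reading past its buffer. It handles only single-byte tags (an assumption made to keep the illustration short), and the sample inputs are constructed, not captured from any device.

```python
"""Strict DER (ASN.1) length and TLV validation (added example)."""
from typing import List, Tuple

MAX_DEPTH = 32   # assumption: cap on nesting so hostile input cannot exhaust the stack


class DerError(ValueError):
    """Any malformed encoding; a caller should treat it as 'drop the message'."""


def _read_length(data: bytes, pos: int) -> Tuple[int, int]:
    """Decode the DER length at data[pos]; return (length, position after it).

    Rejects truncated headers, indefinite length (0x80, BER only), long-form
    encodings with more than 4 length bytes, non-minimal encodings, and any
    length that claims more bytes than the buffer actually holds.
    """
    if pos >= len(data):
        raise DerError("truncated: missing length byte")
    first = data[pos]
    pos += 1
    if first < 0x80:                      # short form: the byte is the length
        length = first
    elif first == 0x80:
        raise DerError("indefinite length is not valid DER")
    else:                                 # long form: low 7 bits = number of length bytes
        n = first & 0x7F
        if n > 4:
            raise DerError(f"length-of-length {n} is unreasonably large")
        if pos + n > len(data):
            raise DerError("truncated long-form length")
        length_bytes = data[pos:pos + n]
        pos += n
        length = int.from_bytes(length_bytes, "big")
        if length_bytes[0] == 0 or length < 0x80:
            raise DerError("non-minimal length encoding")
    remaining = len(data) - pos
    if length > remaining:
        raise DerError(f"length {length} exceeds the {remaining} bytes remaining")
    return length, pos


def parse_der(data: bytes, depth: int = 0) -> List[Tuple[int, bytes]]:
    """Parse consecutive TLVs in `data` into (tag, contents) pairs.

    Constructed elements (bit 0x20 set) are recursed into to validate their
    contents; the raw contents bytes are what gets returned.
    """
    if depth > MAX_DEPTH:
        raise DerError("nesting deeper than MAX_DEPTH")
    out: List[Tuple[int, bytes]] = []
    pos = 0
    while pos < len(data):
        tag = data[pos]
        pos += 1
        if tag & 0x1F == 0x1F:
            raise DerError("multi-byte tags not supported by this parser")
        length, pos = _read_length(data, pos)
        contents = data[pos:pos + length]
        pos += length
        if tag & 0x20:
            parse_der(contents, depth + 1)
        out.append((tag, contents))
    return out


def is_valid_der(data: bytes) -> bool:
    """True if the whole buffer decodes cleanly, False on any DerError."""
    try:
        parse_der(data)
        return True
    except DerError:
        return False


def nested_sequences(n: int) -> bytes:
    """Constructed input: n empty SEQUENCEs nested inside each other."""
    data = b""
    for _ in range(n):
        data = b"\x30" + bytes([len(data)]) + data
    return data


# Constructed sample inputs (not captured from any device).
GOOD = bytes.fromhex("3007" "020101" "04026162")        # SEQUENCE { INTEGER 1, OCTET STRING "ab" }
OVERLONG = bytes.fromhex("3084ffffffff" "020101")       # length claims ~4 GiB of contents
INDEFINITE = bytes.fromhex("3080" "020101" "0000")      # BER indefinite length
NON_MINIMAL = bytes.fromhex("308105" "020101" "0400")   # length 5 written as 0x81 0x05

if __name__ == "__main__":
    print(parse_der(GOOD))
    for name, sample in (("OVERLONG", OVERLONG), ("INDEFINITE", INDEFINITE),
                         ("NON_MINIMAL", NON_MINIMAL), ("DEEP", nested_sequences(40))):
        try:
            parse_der(sample)
        except DerError as err:
            print(f"{name}: rejected ({err})")
```

The three rejected samples are the classic failure modes behind ASN.1 parser crashes: a length that points past the end of the buffer, an indefinite-length marker the decoder was never written to expect, and an encoding that is legal BER but not DER. The depth cap matters for the same reason; without it, a few hundred bytes of nested SEQUENCE headers can drive a recursive decoder off the end of its stack.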
IOS SSL
A device running Cisco IOS may crash if it receives malformed SSL packets during the handshake, so an attacker can use these vulnerabilities to mount a DoS attack. The Cisco bug IDs and the malformed message type behind each crash are listed in Table 2 below. The following Cisco IOS features use SSL and are exposed to these attacks:
- Hypertext Transfer Protocol over SSL (HTTPS)
- Cisco Networking Services (CNS) Agent with SSL support
- Firewall Support of HTTPS Authentication Proxy
- Cisco IOS Clientless SSL VPN (WebVPN) support
Further information may be found on Cisco’s web site.
| Cisco Bug ID | Malformed message type |
| --- | --- |
| CSCsb12598 | ClientHello messages |
| CSCsb40304 | ChangeCipherSpec messages |
| CSCsd92405 | Finished messages |
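Table 2 names three handshake messages whose malformed variants crash IOS. The following is an added example, not Cisco IOS code, of a strict parser for the TLS record header, the handshake header and the ClientHello body, plus the one-byte rule for ChangeCipherSpec and a non-empty rule for Finished. It shows what "malformed" means for these messages and how a parser refuses them without reading past its buffer. It assumes one record per buffer and SSLv3/TLS 1.x framing (major version 3); the sample records are constructed, not captured traffic.

```python
"""Framing checks for TLS ClientHello, ChangeCipherSpec and Finished (added example)."""
from typing import Dict, Tuple

CT_CHANGE_CIPHER_SPEC = 20
CT_HANDSHAKE = 22
HS_CLIENT_HELLO = 1
HS_FINISHED = 20
MAX_RECORD_LEN = 2 ** 14 + 2048      # TLSCiphertext.length upper bound (RFC 5246 6.2.3)


class TlsFramingError(ValueError):
    """Raised for any framing violation; the caller should drop the record."""


def _take(buf: bytes, pos: int, n: int, what: str) -> Tuple[bytes, int]:
    """Return buf[pos:pos+n] and the new position, or fail if that would over-read."""
    if pos + n > len(buf):
        raise TlsFramingError(f"{what}: need {n} bytes at offset {pos}, only {len(buf) - pos} left")
    return buf[pos:pos + n], pos + n


def _vector(buf: bytes, pos: int, len_bytes: int, what: str) -> Tuple[bytes, int]:
    """Read a length-prefixed TLS vector; the declared length is bounds-checked too."""
    raw, pos = _take(buf, pos, len_bytes, what + " length")
    return _take(buf, pos, int.from_bytes(raw, "big"), what)


def parse_client_hello(body: bytes) -> Dict:
    """Walk every length-prefixed field of a ClientHello (RFC 5246 7.4.1.2)."""
    pos = 0
    version, pos = _take(body, pos, 2, "client_version")
    _random, pos = _take(body, pos, 32, "random")
    session_id, pos = _vector(body, pos, 1, "session_id")
    if len(session_id) > 32:
        raise TlsFramingError("session_id longer than 32 bytes")
    suites, pos = _vector(body, pos, 2, "cipher_suites")
    if len(suites) < 2 or len(suites) % 2:
        raise TlsFramingError("cipher_suites must hold at least one 2-byte suite")
    comp, pos = _vector(body, pos, 1, "compression_methods")
    if not comp:
        raise TlsFramingError("compression_methods must not be empty")
    extensions = b""
    if pos < len(body):                                   # extensions are optional
        extensions, pos = _vector(body, pos, 2, "extensions")
    if pos != len(body):
        raise TlsFramingError("trailing bytes after ClientHello")
    return {"type": "ClientHello", "version": (version[0], version[1]),
            "cipher_suites": [int.from_bytes(suites[i:i + 2], "big") for i in range(0, len(suites), 2)],
            "compression_methods": list(comp), "extensions_len": len(extensions)}


def parse_handshake(body: bytes) -> Dict:
    """Check the 4-byte handshake header, then dispatch on the message type."""
    header, _ = _take(body, 0, 4, "handshake header")
    hs_type, hs_len = header[0], int.from_bytes(header[1:4], "big")
    if hs_len != len(body) - 4:
        raise TlsFramingError(f"handshake length {hs_len} != {len(body) - 4} bytes present")
    if hs_type == HS_CLIENT_HELLO:
        return parse_client_hello(body[4:])
    if hs_type == HS_FINISHED:
        if hs_len == 0:
            raise TlsFramingError("Finished with empty verify_data")
        return {"type": "Finished", "verify_data_len": hs_len}
    return {"type": f"Handshake({hs_type})", "length": hs_len}


def parse_record(data: bytes) -> Dict:
    """Validate one TLS record and return a summary of the message it carries."""
    header, _ = _take(data, 0, 5, "record header")
    ctype, major, length = header[0], header[1], int.from_bytes(header[3:5], "big")
    if major != 3:
        raise TlsFramingError(f"unsupported major version {major}")
    if length > MAX_RECORD_LEN:
        raise TlsFramingError(f"record length {length} exceeds the protocol maximum")
    if length != len(data) - 5:
        raise TlsFramingError(f"record length {length} != {len(data) - 5} bytes present")
    body = data[5:]
    if ctype == CT_CHANGE_CIPHER_SPEC:
        if body != b"\x01":                               # RFC 5246 7.1: exactly one byte, value 1
            raise TlsFramingError("ChangeCipherSpec body must be exactly 0x01")
        return {"type": "ChangeCipherSpec"}
    if ctype == CT_HANDSHAKE:
        return parse_handshake(body)
    raise TlsFramingError(f"unexpected content type {ctype} during handshake")


def is_well_formed(data: bytes) -> bool:
    """True if the record passes every framing check above."""
    try:
        parse_record(data)
        return True
    except TlsFramingError:
        return False


# Constructed samples (not captured traffic).
_hello_body = (b"\x03\x01" + b"\x11" * 32               # client_version, random
               + b"\x00"                                # empty session_id
               + b"\x00\x04" + b"\x00\x2f\x00\x35"      # two cipher suites
               + b"\x01\x00")                           # compression: null only
GOOD_CLIENT_HELLO = (b"\x16\x03\x01" + (len(_hello_body) + 4).to_bytes(2, "big")
                     + b"\x01" + len(_hello_body).to_bytes(3, "big") + _hello_body)
BAD_CLIENT_HELLO = GOOD_CLIENT_HELLO[:44] + b"\x00\xff" + GOOD_CLIENT_HELLO[46:]  # suites length claims 255 bytes
GOOD_CCS = b"\x14\x03\x01\x00\x01\x01"
BAD_CCS = b"\x14\x03\x01\x00\x02\x01\x01"                                      # two-byte CCS body
BAD_FINISHED = b"\x16\x03\x01\x00\x04" + b"\x14\x00\x00\x0c"                   # claims 12 bytes, carries none
```

Every field in these messages is either fixed-size or carries its own length, and each of the bad samples lies about one of those lengths. A parser that trusts the declared length and indexes straight into the buffer is exactly the kind of code that falls over on such input; routing every read through a bounds-checked helper like `_take` turns the crash into a rejected record.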

Update: Cisco has revised both advisories to list the fixed IOS releases. See the links above for details.