These also get posted to other mailing lists, such as cisco-nsp.
jms
On Wed, 26 Mar 2014, rw...@ropeguru.com wrote:
Thanks everyone for the replies. I guess since they are done so infrequently,
I was not a list member the last go around.
Robert
On Wed, 26 Mar 2014 12:58:44 -0400
Andrew Latham <lath...@gmail.com> wrote:
Robert
Perfectly normal, almost an announce list for issues like this.
On Wed, Mar 26, 2014 at 12:45 PM, rw...@ropeguru.com
<rw...@ropeguru.com> wrote:
>
> Is this normal for the list to diretly get Cisco security advisories or
> something new. First time I have seen these.
>
> Robert
>
>
> On Wed, 26 Mar 2014 12:10:00 -0400
> Cisco Systems Product Security Incident Response Team <ps...@cisco.com>
> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Cisco IOS Software SSL VPN Denial of Service Vulnerability
> >
> > Advisory ID: cisco-sa-20140326-ios-sslvpn
> >
> > Revision 1.0
> >
> > For Public Release 2014 March 26 16:00 UTC (GMT)
> >
> > Summary
> > =======
> >
> > A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of
> > Cisco
> > IOS Software could allow an unauthenticated, remote attacker to cause a
> > denial of service (DoS) condition.
> >
> > The vulnerability is due to a failure to process certain types of HTTP
> > requests. To exploit the vulnerability, an attacker could submit
> > crafted
> > requests designed to consume memory to an affected device. An exploit
> > could
> > allow the attacker to consume and fragment memory on the affected
> > device.
> > This may cause reduced performance, a failure of certain processes, or
> > a
> > restart of the affected device.
> >
> > Cisco has released free software updates that address this
> > vulnerability.
> > There are no workarounds to mitigate this vulnerability.
> >
> > This advisory is available at the following link:
> >
> > http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn
> >
> > Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled
> > publication includes six Cisco Security Advisories. All advisories
> > address
> > vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security
> > Advisory lists the Cisco IOS Software releases that correct the
> > vulnerability or vulnerabilities detailed in the advisory as well as
> > the
> > Cisco IOS Software releases that correct all Cisco IOS Software
> > vulnerabilities in the March 2014 bundled publication.
> >
> > Individual publication links are in Cisco Event Response: Semiannual
> > Cisco
> > IOS Software Security Advisory Bundled Publication at the following
> > link:
> >
> > http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
> > Comment: GPGTools - http://gpgtools.org
> >
> > iQIcBAEBAgAGBQJTMeUtAAoJEIpI1I6i1Mx3BJ4P/Aytcbvaue49DkNDq0G+3C8+
> > mv2W8/1HeqSvrmbc8QUJrelPA1kfYXGSf+7VX9lpwTdKKPrMPpkso1WXA7tK2t5i
> > uiaqy8+KON/V3uFTjLhSBxZsMmSYws/uO8rV9oY7NLGfv2cwGztEbrKwz9g5Hsfc
> > X3TlEgPaX73a/xb92eP//+e31ZNCPw6NRKmUfi6v7YG38WNghT7lqtI7GVlHiAkd
> > atAqZ8NOyn7V+lHNjdOpAzFplo6R+GZCBfAFkEYuEU3dAAccMQbkaq6XgZAigycn
> > dko3EWzfa+I/4RHDrRIa/XAY6Ogrnp/jmaTm4sGF2aqQOASH7X/oDU4X6KnD6ixo
> > RicU1XeEsxgh5/FOf0wWo53BTcf/1nx34LkazZ6k6+jh8193IRWGb9J90E7S+/M8
> > 2jbB8kwxuroH1qQ73jqguiuTC0eemPn2k5MS01ZAfcIEJPcA4OyTkuA/3tiISeYQ
> > 0GesrJ3m7WOovFNSIq8v4WaTMcvZO9vHLZ/6BMcd4a+1uPnzPeR9rfI8JA2VA8Wd
> > EAjbKdWA/kPxbVop2ajRjYTl7uMN6/g9SFP/eBjWpAFLnUfE6n1b24cn9v26OQpB
> > ZxuMKA6eaeoT88KlouxudQcAgtpZZFzp4/ghWCy8q82WhHg4uDqw3R243rRxaBa7
> > RF3x0wYuErbbC7N9m1UH
> > =1Ixo
> > -----END PGP SIGNATURE-----
> >
>
>
--
~ Andrew "lathama" Latham lath...@gmail.com http://lathama.net ~