Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.0521
Multiple Vulnerabilities in Cisco ASA Software
11 April 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco ASA
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
Original Bulletin:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asa
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
Advisory ID: cisco-sa-20130410-asa
Revision 1.0
For Public Release 2013 April 10 16:00 UTC (GMT)
+----------------------------------------------------------------------
Summary
=======
Cisco ASA Software is affected by the following vulnerabilities:
IKE Version 1 Denial of Service Vulnerability
Crafted URL Denial of Service Vulnerability
Denial of Service During Validation of Crafted Certificates
DNS Inspection Denial of Service Vulnerability
These vulnerabilities are independent of each other; a release that
is affected by one of the vulnerabilities may not be affected by the
others.
Successful exploitation of any of these vulnerabilities may result in
a reload of an affected device, leading to a denial of service (DoS)
condition.
Cisco has released free software updates that address these
vulnerabilities. Workarounds are available for some of these
vulnerabilities.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asa
Note: The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500
Series Switches and Cisco 7600 Series Routers may be affected by some
of the vulnerabilities listed above. A separate Cisco Security Advisory
has been published to disclose the vulnerabilities that affect the Cisco
FWSM. This advisory is available at
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-fwsm
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAlFlkRYACgkQUddfH3/BbTpxAQD/Zkba4GDth49SWailwZV871q2
ffeUbZzP4AzcT4zJTbYA/1nk8ZqZBfW9TCUenapRkiykoh14ATXnyjV5GqUtWiUa
=Ds4x
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUWYlm+4yVqjM2NGpAQL3Nw//T0FEFdD3NjHXw378Kt5JR0LtM4AbrdxQ
N+5yeY7ILLsqGjpGPUtvsYnmxyNYOjbkf85TBGVoH3rzsl4DwhWfQ68zcLfvLmec
KXCe2IM++wZcEQ8idy47V2aOY7q3J9i6GzkQfgBJCN1wBhXkmMEV8zrNqkppANRv
R8F14eK2bUfwgQHMMWYNNZpdA+hz3z29nurbDu9yXTjW9gju+k3HLViWhgIg04tD
eGkgqGvwZfvax7Qnfspz5nTrRYicI5pK01Nlqp41z/gY2Xoz84KyHN4Q/5CSFlyJ
wOPPp+n9eELq+BpiXXfZ5KAnGGmuXU8ABhhW0jo8JB8iazYMBpoK849Lqe2XnBHV
f/2vmrrHg7AAtQrcYywBuBwA2E0DTRy6eK3yrUUh7rsD4c8pWkMeWU61Mmo7t4mu
YcCRW3rdZ6cMT0ulxIZd2XF+a8Wphp+sVHmePL9w2JpBo9sBm3W2SLA+f6xbuiKG
QAADeSqVM1lmqM1PmrZ8jE25TYP6Ts/k9fdpaZGsqJRAS9G9hEo53Du4Nq9ai6YS
nqU+Wm75rgtEFtPc/M/x1eU/C1k4LvAJD/8FVDzCyG6VBFYCDf8K43KLZdlkrtK2
I+889R/q58OT0N6oGQVIG2jGl8IvVShSsUsq0anBioTRcxs9oA0OMLH1/flki3bE
F8xnT/wzhJQ=
=/WOG
-----END PGP SIGNATURE-----