Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.2770
Multiple vulnerabilities identified in Cisco Email Security
Appliance Email Scanner
5 November 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco Email Security Appliance
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Denial of Service -- Remote/Unauthenticated
Reduced Security -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2015-6291 CVE-2015-4184
Original Bulletin:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-esa2
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-esa
Comment: This bulletin contains two (2) Cisco Systems security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability
Advisory ID: cisco-sa-20151104-esa2
Revision 1.0
For Public Release 2015 November 4 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the email message filtering feature of Cisco AsyncOS
for Cisco Email Security Appliance (ESA) could allow an unauthenticated,
remote attacker to cause an ESA device to become unavailable due to a
denial of service (DoS) condition.
The vulnerability is due to improper input validation when an email
attachment contains corrupted fields and is filtered by the ESA. An
attacker could exploit this vulnerability by sending a crafted email
with an attachment to the ESA. A successful exploit could allow the
attacker to cause a DoS condition. While the attachment is being
filtered, memory is consumed at at high rate until the filtering
process restarts. When the process restarts, it will resume processing
the same malformed attachment and the DoS condition will continue.
Cisco has released software updates that address this vulnerability.
There are no workarounds that mitigate this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-esa2
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iQIVAwUBVjU+vYpI1I6i1Mx3AQI3Lg//UM5v2fIxL1lNXJ+jL4Gt90DoB2nATquF
YWyBxvmEzoVEy8v4YlL9TP09lc/jZEVhVTP4GbK8nplCrNP/Ah+NOfXzTF7bt/er
ye+WWLIOex8W6+YAalLheIhAosCCGCJLQ4nwsTCSymYqBBI6QOEJYgoLxSwUOvVs
zjM+UOA8pLnRiyTHpgWtsj/sLUUZ5IItM9/RrfZ34lMlRXlydJFObGlT5fsUcWxg
YWAja2jNqp2mUv0Q6MabOku23SW7tBCIkYF2VYVaZ11Sf0gFMqBeNHnRk0pz56Ok
8lzpZSXjl+wZV8UtTyZksTkrXSUYzu5OmkDHaC3QOlcJmAm1rLIE+F6PSdh0hDuI
1yfivRv8JsKZO18IN86lZLYR7ath76WqWLiQzy6/VSfkfBWBdFRE8dzObN7jzt/V
rKHlI30AbA38HqkI+H3DwTLPlGABXN43kk6H+Bg8eUPKuH+7hUZfZL5J7qlM7xIe
J5mNiHW2dQz2/2N6fhxjtkfr0bbl6jztLGlXh+Z6iJmAEcxUStTqlm18rHQ3aL34
rGif+IDd0eCHUQtm1eEXiO4v3paKHE0VDko6gSd3fojLQ1HDN3Wf4PovfOYGphRI
x4vy5cK3gqK55OkZMuhoRz1F10njVfwA1wdvsw7SSiZ2NHsR8BRa454Fr5DTiM5k
LvbY0kRKk88=
=gFEa
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability
Advisory ID: cisco-sa-20150612-esa
Revision 2.0
For Public Release 2015 November 4 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the anti-spam scanner of Cisco AsyncOS for Cisco
Email Security Appliance (ESA) could allow an unauthenticated, remote
attacker to bypass the anti-spam functionality of the ESA.
The vulnerability is due to improper error handling of a malformed
packet in the anti-spam scanner. An attacker could exploit this
vulnerability by sending a crafted DNS Sender Policy Framework (SPF)
text record. A successful exploit could allow the attacker to bypass
the anti-spam scanner and generate a malformed packet alert.
Cisco has released software updates that address this vulnerability.
There are no workarounds that mitigate this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-esa
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iQIVAwUBVjU+oopI1I6i1Mx3AQLVCg//Q0pNhiu6HbIEHoGVyFAdX0Z1RkbAYrd1
iMReAuei8euJHGVKeWULxT9+uhiobGdkZC0+ZosxvD8vs1cf4o9OqCHZKjfh6OZy
haX+mbTez0jnokVEX43UMH9L6Mn9eeJiQY47YUZ1QCBMeRmu5gIfoXSqB4qagItP
9mLmxuetHLDlVLalBYEA3jKDIIs+33fyfCWFOMQI6r5tki1UsGO0F7Xz9JYYdUmo
pwq4/gSijrcxbnH8vRmLdwlUgdVk2eje+KE/9+66XN/iW1pqBDKiFjTJvTv7FILr
HlPXyftBdgZi5YQTTNXIhEaXfdoaW94TcBlgsr9ZTO15hyZ5fLBarcDpHStu2GPg
SKjDRqkftOz36ixXh5LhGhCmVpg2lER1dIrh51Ad0cHPB7AyEChpe1hD6G/TUv5n
GWC+BmkX68jCXvVqYpRp3cz/le+2/Q/qKGtvbPDF+kAeq14OyUZW4ruShUzUX8CW
iiKIcImPSDuOSs2YeA31JBGsFmf8zZvjYaGQYSMH0AgTiJzAb2C68hz/gOKZoSIp
dSC8H0v76xJR75bq1hkB6KpRWusJ4vRLkIuS+G4Dvu8hyukrgwhWeWQVSPjXhu2e
qu3xWWDGj7rr3nRjnoQK7MrJ17iNYjDrLe538xP9P7KF6iUwDABHk6RmrIOe2Q7O
dDowAhTGRu0=
=Sq1c
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVjrgun6ZAP0PgtI9AQIY0g//XQZA4L1eFy8NIO/dHNzOini3dmUoTq7S
JJBxUFtLC8WhJJNh8fxuG1usPa00LVheaiPsU4QR0Wo6bie09R7iR8rVd4eGjUAM
IYgPohaBJTDoTgzci81HA7u+bO0/ItLEvlf+a6f/Ufu+nVo4h9Ry0EeXUGyJqa/o
tw4Drey2oz2TLkCym9jfoVphbn75SH3VOH01mwowifYawc+pZf5yy1yXy7FuIOVU
YR6CmtetTub8A/pbtSmt/rvttEwTNDQ85ic2PW1qCb5ADIBcpFlae7/zbgbLPX+s
74T7dH//uUSyG90AvTCiv398hB04tS8NCTV3ACfPsspsjvGaq/mZ4SiollmTAzrR
4e+JVuDPlQRo/BMLsJ2lOVNfcEEakESydCPjOFHihwmtoPTSzWnNn4x5DyN7zhPq
XAjZvD3S5x52EaYbHEg2Ug3bZb5A1/8VIlf8aagMp6excE0zPZDU6ranvfpFvOJF
Ekcg4EGkgS7H1dWJnACQZ1DwZ3sWNe5PMadSPsFssF+NxA32sgUcs+hC3afXw9ZN
QCjaDD/rmEuiDqNx7dFd3GaSLqoEaFGk3IAIac7iCZporoiuGXmXZXAOwYT7SBRD
l3OVFBZT5w7FFcZBgzdwR7qiG4qn500PqB52Ch/Zw67FXuBxCUrJXpcNa7gMgbgB
cZn7tj9pgOc=
=zl4v
-----END PGP SIGNATURE-----