-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2505
        Cisco Email Security Appliance Advanced Malware Protection
            Attachment Scanning Denial of Service Vulnerability
                              27 October 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Email Security
Publisher:         Cisco Systems
Operating System:  Cisco
                   Virtualisation
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-6356 CVE-2016-1486 CVE-2016-1481

Original Bulletin: 
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa1
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3

Comment: This bulletin contains three (3) Cisco Systems security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Email Security Appliance Malformed DGN File Attachment Denial of Service Vulnerability

Advisory ID: cisco-sa-20161026-esa1

Revision 1.0

For Public Release 2016 October 26 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability exists because the message filtering feature of the affected software does not properly validate compressed message attachments that contain malformed Design (DGN) files. An attacker could exploit this vulnerability by sending a crafted email message, which has a compressed attachment containing a malformed DGN file, through an affected device. While the affected software filters the attachment, memory could be consumed at a high rate and ultimately exhausted, causing the filtering process to restart and resulting in a DoS condition. After the filtering process restarts, the software resumes filtering for the same attachment, causing the filtering process to exhaust memory and restart again. A successful exploit of this vulnerability could allow the attacker to cause a repeated DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: 

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa1

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
- -----END PGP SIGNATURE-----

+===============================================================================

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Email Security Appliance Advanced Malware Protection Attachment Scanning Denial of Service Vulnerability 

Advisory ID: cisco-sa-20161026-esa2

Revision 1.0

For Public Release 2016 October 26 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition.

The vulnerability is due to improper handling of UU-encoded files that are attached to an email message. An attacker could exploit this vulnerability by sending a crafted email message with a UU-encoded file attachment through an affected device. The scanning of the attachment could cause the mail handling process of the affected software to restart, resulting in a DoS condition. After the mail handling process restarts, the software resumes scanning for the same attachment, which could cause the mail handling process to restart again. A successful exploit could allow the attacker to cause a repeated DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
- -----END PGP SIGNATURE-----

+===============================================================================

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Email Security Appliance Corrupted Attachment Fields Denial of Service Vulnerability 

Advisory ID: cisco-sa-20161026-esa3

Revision 1.0

For Public Release 2016 October 26 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition.

The vulnerability is due to improper input validation of email attachments that have corrupted fields. An attacker could exploit this vulnerability by sending a crafted email message, which has an attachment with corrupted fields, through an affected device. When the affected software filters the attachment, the filtering process could crash and restart, resulting in a DoS condition. After the filtering process restarts, the software resumes filtering for the same attachment, causing the filtering process to crash and restart again. A successful exploit could allow the attacker to cause a repeated DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 

This advisory is available at the following link:
 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
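
All three advisories describe the same loop: the process handling an attachment dies, restarts, and resumes on the same attachment. The sketch below is an added illustration of the usual design defence (isolate the scanner in a child process and count attempts before scanning); it is not Cisco's or AusCERT's code and not a workaround for AsyncOS. The scanner stand-in, message IDs, journal file and MAX_ATTEMPTS policy are all assumptions.

```python
import binascii, json, subprocess, sys
from pathlib import Path

MAX_ATTEMPTS = 2  # assumed policy: quarantine after two abnormal scanner exits

# Constructed stand-in scanner: UU-decodes stdin and dies with an uncaught
# exception on an undecodable line. It is not the AsyncOS defect.
SCANNER = "import sys, binascii\nfor line in sys.stdin.buffer: binascii.a2b_uu(line)"

GOOD = binascii.b2a_uu(b"hello")  # constructed well-formed UU line
BAD = b"#~~~~\n"                  # constructed line outside the UU alphabet

def scan_isolated(data: bytes) -> bool:
    """Run the scanner in a child process; False means it crashed or hung."""
    try:
        child = subprocess.run([sys.executable, "-c", SCANNER], input=data,
                               capture_output=True, timeout=30)
    except subprocess.TimeoutExpired:
        return False
    return child.returncode == 0

def process(msg_id: str, data: bytes, journal: Path) -> str:
    """One pass over one message: 'delivered', 'retry' or 'quarantined'."""
    attempts = json.loads(journal.read_text()) if journal.exists() else {}
    if attempts.get(msg_id, 0) >= MAX_ATTEMPTS:
        return "quarantined"  # never hand this message to the scanner again
    # Persist the attempt BEFORE scanning so the count survives a crash.
    attempts[msg_id] = attempts.get(msg_id, 0) + 1
    journal.write_text(json.dumps(attempts))
    if not scan_isolated(data):
        return "retry"
    del attempts[msg_id]
    journal.write_text(json.dumps(attempts))
    return "delivered"

def drain(queue: dict, journal: Path, max_passes: int = 10) -> dict:
    """Replay the queue as repeated restarts would, until every message is final."""
    final = {}
    for _ in range(max_passes):
        for msg_id, data in queue.items():
            if msg_id not in final:
                state = process(msg_id, data, journal)
                if state != "retry":
                    final[msg_id] = state
    return final
```

Because the counter is written before the scan starts, a message that kills the scanner is seen at most MAX_ATTEMPTS times and the rest of the queue keeps flowing.
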

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----