===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2016.2505
Cisco Email Security Appliance Advanced Malware Protection Attachment Scanning Denial of Service Vulnerability
27 October 2016

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Cisco Email Security
Publisher:         Cisco Systems
Operating System:  Cisco Virtualisation
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-6356 CVE-2016-1486 CVE-2016-1481

Original Bulletin:
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa1
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3

Comment: This bulletin contains three (3) Cisco Systems security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco Security Advisory: Cisco Email Security Appliance Malformed DGN File Attachment Denial of Service Vulnerability

Advisory ID: cisco-sa-20161026-esa1

Revision 1.0

For Public Release 2016 October 26 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability exists because the message filtering feature of the affected software does not properly validate compressed message attachments that contain malformed Design (DGN) files. An attacker could exploit this vulnerability by sending a crafted email message, which has a compressed attachment containing a malformed DGN file, through an affected device. While the affected software filters the attachment, memory could be consumed at a high rate and ultimately exhausted, causing the filtering process to restart and resulting in a DoS condition. After the filtering process restarts, the software resumes filtering for the same attachment, causing the filtering process to exhaust memory and restart again. A successful exploit of this vulnerability could allow the attacker to cause a repeated DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa1

+===============================================================================

Cisco Security Advisory: Cisco Email Security Appliance Advanced Malware Protection Attachment Scanning Denial of Service Vulnerability

Advisory ID: cisco-sa-20161026-esa2

Revision 1.0

For Public Release 2016 October 26 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition.

The vulnerability is due to improper handling of UU-encoded files that are attached to an email message. An attacker could exploit this vulnerability by sending a crafted email message with a UU-encoded file attachment through an affected device. The scanning of the attachment could cause the mail handling process of the affected software to restart, resulting in a DoS condition. After the mail handling process restarts, the software resumes scanning for the same attachment, which could cause the mail handling process to restart again. A successful exploit could allow the attacker to cause a repeated DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2

+===============================================================================

Cisco Security Advisory: Cisco Email Security Appliance Corrupted Attachment Fields Denial of Service Vulnerability

Advisory ID: cisco-sa-20161026-esa3

Revision 1.0

For Public Release 2016 October 26 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition.

The vulnerability is due to improper input validation of email attachments that have corrupted fields. An attacker could exploit this vulnerability by sending a crafted email message, which has an attachment with corrupted fields, through an affected device. When the affected software filters the attachment, the filtering process could crash and restart, resulting in a DoS condition. After the filtering process restarts, the software resumes filtering for the same attachment, causing the filtering process to crash and restart again. A successful exploit could allow the attacker to cause a repeated DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
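
Added example (not part of the AusCERT bulletin or the Cisco advisories): cisco-sa-20161026-esa2 above attributes the fault to the handling of UU-encoded attachments and lists no workaround, so until an appliance is upgraded it can help to know which stored or archived messages carry such attachments. The Python code below inventories them from raw message bytes, covering both a MIME part that declares a uuencode transfer encoding and a classic inline begin/end block. The function name, the result tuple and the sample messages are constructed for illustration, and the code reports only that UU-encoded content is present, not whether a message is crafted.

```python
import binascii
import re
from email import message_from_bytes

# CTE tokens that Python's own email package treats as uuencode.
UU_CTES = {"x-uuencode", "uuencode", "uue", "x-uue"}
BEGIN = re.compile(rb"^begin ([0-7]{3,4}) (\S.*?)\r?$", re.M)
END = re.compile(rb"^end\r?$", re.M)


def find_uu_attachments(raw: bytes):
    """Return (part_index, how_detected, filename) for each UU-encoded part."""
    findings = []
    for idx, part in enumerate(message_from_bytes(raw).walk()):
        if part.is_multipart():
            continue
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        if cte in UU_CTES:
            # Declared by MIME header; payload is deliberately left undecoded.
            findings.append((idx, "declared-cte", part.get_filename() or ""))
            continue
        body = part.get_payload(decode=True) or b""
        for m in BEGIN.finditer(body):
            # A begin line only counts when a closing "end" line follows it.
            if END.search(body, m.end()):
                findings.append((idx, "inline-block", m.group(2).decode("latin-1")))
    return findings


# Constructed sample messages (not taken from the advisory).
_UU = binascii.b2a_uu(b"constructed sample\n") + b"`\nend\n"
SAMPLE_INLINE = (b"From: a@example.com\nSubject: inline\n\nSee below.\n"
                 b"begin 644 report.txt\n" + _UU)
SAMPLE_MIME = (b"From: a@example.com\nMIME-Version: 1.0\n"
               b'Content-Type: multipart/mixed; boundary="b1"\n\n'
               b"--b1\nContent-Type: text/plain\n\nhello\n"
               b"--b1\nContent-Type: application/octet-stream\n"
               b"Content-Transfer-Encoding: x-uuencode\n"
               b'Content-Disposition: attachment; filename="drawing.bin"\n\n'
               b"begin 644 drawing.bin\n" + _UU + b"--b1--\n")
# Prose that merely starts with "begin 644" and has no "end" line.
SAMPLE_CLEAN = b"From: a@example.com\nSubject: plan\n\nbegin 644 tests on Monday\n"

if __name__ == "__main__":
    for name in ("SAMPLE_INLINE", "SAMPLE_MIME", "SAMPLE_CLEAN"):
        print(name, find_uu_attachments(globals()[name]))
```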