Send sanog mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sanog.org/mailman/listinfo/sanog
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of sanog digest..."
Today's Topics:
1. Cisco Security Advisory: Cisco IOS Software Network Address
Translation Vulnerabilities
(Cisco Systems Product Security Incident Response Team)
2. Cisco Security Advisory: Cisco IOS Software IPv6 Virtual
Fragmentation Reassembly Denial of Service Vulnerability
(Cisco Systems Product Security Incident Response Team)
3. Cisco Security Advisory: Cisco IOS Software Queue Wedge
Denial of Service Vulnerability
(Cisco Systems Product Security Incident Response Team)
4. Cisco Security Advisory: Cisco IOS Software Zone-Based
Firewall and Content Filtering Vulnerability
(Cisco Systems Product Security Incident Response Team)
5. Cisco Security Advisory: Cisco IOS Software DHCP Denial of
Service Vulnerability
(Cisco Systems Product Security Incident Response Team)
6. Cisco Security Advisory: Cisco IOS Software Multicast Network
Time Protocol Denial of Service Vulnerability
(Cisco Systems Product Security Incident Response Team)
7. Cisco Security Advisory: Cisco IOS Software Internet Key
Exchange Memory Leak Vulnerability
(Cisco Systems Product Security Incident Response Team)
----------------------------------------------------------------------
Message: 1
Date: Wed, 25 Sep 2013 12:22:39 -0400
From: Cisco Systems Product Security Incident Response Team
<[email protected]>
To: [email protected]
Subject: [SANOG] Cisco Security Advisory: Cisco IOS Software Network
Address Translation Vulnerabilities
Message-ID: <[email protected]>
Content-Type: Text/Plain; charset="us-ascii"
Cisco IOS Software Network Address Translation Vulnerabilities
Advisory ID: cisco-sa-20130925-nat
Revision 1.0
For Public Release 2013 September 25 16:00 UTC (GMT)
- ----------------------------------------------------------------------
Summary
=======
The Cisco IOS Software implementation of the network address translation (NAT)
feature contains three vulnerabilities when translating IP packets that could
allow an unauthenticated, remote attacker to cause a denial of service (DoS)
condition.
Cisco has released free software updates that address these vulnerabilities.
Workarounds that mitigate these vulnerabilities are not available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat
Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled
publication includes eight Cisco Security Advisories. All advisories address
vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security
Advisory lists the Cisco IOS Software releases that correct the vulnerability
or vulnerabilities detailed in the advisory as well as the Cisco IOS Software
releases that correct all Cisco IOS Software vulnerabilities in the September
2013 bundled publication.
Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS
Software Security Advisory Bundled Publication" at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html
------------------------------
Message: 2
Date: Wed, 25 Sep 2013 12:21:58 -0400
From: Cisco Systems Product Security Incident Response Team
<[email protected]>
To: [email protected]
Subject: [SANOG] Cisco Security Advisory: Cisco IOS Software IPv6
Virtual Fragmentation Reassembly Denial of Service Vulnerability
Message-ID: <[email protected]>
Content-Type: Text/Plain; charset="us-ascii"
Cisco IOS Software IPv6 Virtual Fragmentation Reassembly Denial of Service
Vulnerability
Advisory ID: cisco-sa-20130925-ipv6vfr
Revision 1.0
For Public Release 2013 September 25 16:00 UTC (GMT)
- ----------------------------------------------------------------------
Summary
=======
A vulnerability in the implementation of the virtual fragmentation reassembly
(VFR) feature for IP version 6 (IPv6) in Cisco IOS Software could allow an
unauthenticated, remote attacker to cause an affected device to hang or reload,
resulting in a denial of service (DoS) condition.
The vulnerability is due to a race condition while accessing the reassembly
queue for IPv6 fragments. An attacker could exploit this vulnerability by
sending a crafted stream of valid IPv6 fragments. Repeated exploitation may
result in a sustained DoS condition.
Cisco has released free software updates that address this vulnerability. There
are no workarounds for this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ipv6vfr
Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled
publication includes eight Cisco Security Advisories. All advisories address
vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security
Advisory lists the Cisco IOS Software releases that correct the vulnerability
or vulnerabilities detailed in the advisory as well as the Cisco IOS Software
releases that correct all Cisco IOS Software vulnerabilities in the September
2013 bundled publication.
Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS
Software Security Advisory Bundled Publication" at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html
------------------------------
Message: 3
Date: Wed, 25 Sep 2013 12:24:07 -0400
From: Cisco Systems Product Security Incident Response Team
<[email protected]>
To: [email protected]
Subject: [SANOG] Cisco Security Advisory: Cisco IOS Software Queue
Wedge Denial of Service Vulnerability
Message-ID: <[email protected]>
Content-Type: Text/Plain; charset="us-ascii"
Cisco IOS Software Queue Wedge Denial of Service Vulnerability
Advisory ID: cisco-sa-20130925-wedge
Revision 1.0
For Public Release 2013 September 25 16:00 UTC (GMT)
- ----------------------------------------------------------------------
Summary
=======
A vulnerability in the T1/E1 driver queue implementation of Cisco IOS Software
could allow an unauthenticated, remote attacker to cause an interface wedge
condition, which could lead to loss of connectivity, loss of routing protocol
adjacency, and could result in a denial of service (DoS) scenario.
The vulnerability is due to incorrect implementation of the T1/E1 driver queue.
An attacker could exploit this vulnerability by sending bursty traffic through
the affected interface driver. Repeated exploitation could cause a DoS
condition.
Workarounds to mitigate this vulnerability are available.
Cisco has released free software updates that address this vulnerability. This
advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-wedge
Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled
publication includes eight Cisco Security Advisories. All advisories address
vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security
Advisory lists the Cisco IOS Software releases that correct the vulnerability
or vulnerabilities detailed in the advisory as well as the Cisco IOS Software
releases that correct all Cisco IOS Software vulnerabilities in the September
2013 bundled publication.
Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS
Software Security Advisory Bundled Publication" at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html
------------------------------
Message: 4
Date: Wed, 25 Sep 2013 12:23:10 -0400
From: Cisco Systems Product Security Incident Response Team
<[email protected]>
To: [email protected]
Subject: [SANOG] Cisco Security Advisory: Cisco IOS Software
Zone-Based Firewall and Content Filtering Vulnerability
Message-ID: <[email protected]>
Content-Type: Text/Plain; charset="us-ascii"
Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability
Advisory ID: cisco-sa-20130925-cce
Revision 1.0
For Public Release 2013 September 25 16:00 UTC (GMT)
- ----------------------------------------------------------------------
Summary
=======
A vulnerability in the Zone-Based Firewall (ZBFW) component of Cisco IOS
Software could allow an unauthenticated, remote attacker to cause an affected
device to hang or reload.
The vulnerability is due to improper processing of specific HTTP packets when
the device is configured for either Cisco IOS Content Filtering or HTTP
application layer gateway (ALG) inspection. An attacker could exploit this
vulnerability by sending specific HTTP packets through an affected device. An
exploit could allow the attacker to cause an affected device to hang or reload.
Cisco has released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-cce
Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled
publication includes eight Cisco Security Advisories. All advisories address
vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security
Advisory lists the Cisco IOS Software releases that correct the vulnerability
or vulnerabilities detailed in the advisory as well as the Cisco IOS Software
releases that correct all Cisco IOS Software vulnerabilities in the September
2013 bundled publication.
Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS
Software Security Advisory Bundled Publication" at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html
------------------------------
Message: 5
Date: Wed, 25 Sep 2013 12:24:34 -0400
From: Cisco Systems Product Security Incident Response Team
<[email protected]>
To: [email protected]
Subject: [SANOG] Cisco Security Advisory: Cisco IOS Software DHCP
Denial of Service Vulnerability
Message-ID: <[email protected]>
Content-Type: Text/Plain; charset="us-ascii"
Cisco IOS Software DHCP Denial of Service Vulnerability
Advisory ID: cisco-sa-20130925-dhcp
Revision 1.0
For Public Release 2013 September 25 16:00 UTC (GMT)
- ----------------------------------------------------------------------
Summary
=======
A vulnerability in the DHCP implementation of Cisco IOS Software and Cisco IOS
XE Software could allow an unauthenticated, remote attacker to cause a denial
of service (DoS) condition.
The vulnerability occurs during the parsing of crafted DHCP packets. An
attacker could exploit this vulnerability by sending crafted DHCP packets to an
affected device that has the DHCP server or DHCP relay feature enabled. An
exploit could allow the attacker to cause a reload of an affected device.
Cisco has released free software updates that address this vulnerability. There
are no workarounds to this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-dhcp
Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled
publication includes eight Cisco Security Advisories. All advisories address
vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security
Advisory lists the Cisco IOS Software releases that correct the vulnerability
or vulnerabilities detailed in the advisory as well as the Cisco IOS Software
releases that correct all Cisco IOS Software vulnerabilities in the September
2013 bundled publication.
Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS
Software Security Advisory Bundled Publication" at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html
------------------------------
Message: 6
Date: Wed, 25 Sep 2013 12:23:38 -0400
From: Cisco Systems Product Security Incident Response Team
<[email protected]>
To: [email protected]
Subject: [SANOG] Cisco Security Advisory: Cisco IOS Software Multicast
Network Time Protocol Denial of Service Vulnerability
Message-ID: <[email protected]>
Content-Type: Text/Plain; charset="us-ascii"
Cisco IOS Software Multicast Network Time Protocol Denial of Service
Vulnerability
Advisory ID: cisco-sa-20130925-ntp
Revision 1.0
For Public Release 2013 September 25 16:00 UTC (GMT)
- ----------------------------------------------------------------------
Summary
=======
A vulnerability in the implementation of the Network Time Protocol (NTP)
feature in Cisco IOS Software could allow an unauthenticated, remote attacker
to cause an affected device to reload, resulting in a denial of service (DoS)
condition.
The vulnerability is due to the improper handling of multicast NTP packets that
are sent to an affected device encapsulated in a Multicast Source Discovery
Protocol (MSDP) Source-Active (SA) message from a configured MSDP peer. An
attacker could exploit this vulnerability by sending multicast NTP packets to
an affected device. Repeated exploitation could result in a sustained DoS
condition.
Cisco has released free software updates that address this vulnerability. A
workaround is available to mitigate this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ntp
Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled
publication includes eight Cisco Security Advisories. All advisories address
vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security
Advisory lists the Cisco IOS Software releases that correct the vulnerability
or vulnerabilities detailed in the advisory as well as the Cisco IOS Software
releases that correct all Cisco IOS Software vulnerabilities in the September
2013 bundled publication.
Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS
Software Security Advisory Bundled Publication" at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html
------------------------------
Message: 7
Date: Wed, 25 Sep 2013 12:25:03 -0400
From: Cisco Systems Product Security Incident Response Team
<[email protected]>
To: [email protected]
Subject: [SANOG] Cisco Security Advisory: Cisco IOS Software Internet
Key Exchange Memory Leak Vulnerability
Message-ID: <[email protected]>
Content-Type: Text/Plain; charset="us-ascii"
Cisco IOS Software Internet Key Exchange Memory Leak Vulnerability
Advisory ID: cisco-sa-20130925-ike
Revision 1.0
For Public Release 2013 September 25 16:00 UTC (GMT)
- ----------------------------------------------------------------------
Summary
=======
A vulnerability in the Internet Key Exchange (IKE) protocol of Cisco IOS
Software and Cisco IOS XE Software could allow an unauthenticated, remote
attacker to cause a memory leak that could lead to a device reload.
The vulnerability is due to incorrect handling of malformed IKE packets by the
affected software. An attacker could exploit this vulnerability by sending
crafted IKE packets to a device configured with features that leverage IKE
version 1 (IKEv1).
Although IKEv1 is automatically enabled on Cisco IOS Software and Cisco IOS XE
Software when IKEv1 or IKE version 2 (IKEv2) is configured, the vulnerability
can be triggered only by sending a malformed IKEv1 packet.
In specific conditions, normal IKEv1 packets can also cause an affected release
of Cisco IOS Software to leak memory.
Only IKEv1 is affected by this vulnerability.
An exploit could cause Cisco IOS Software not to release allocated memory,
causing a memory leak. A sustained attack may result in a device reload.
Cisco has released free software updates that address this vulnerability. There
are no workarounds to mitigate this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ike
Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled
publication includes eight Cisco Security Advisories. All advisories address
vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security
Advisory lists the Cisco IOS Software releases that correct the vulnerability
or vulnerabilities detailed in the advisory as well as the Cisco IOS Software
releases that correct all Cisco IOS Software vulnerabilities in the September
2013 bundled publication.
Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS
Software Security Advisory Bundled Publication" at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html
------------------------------
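To triage a bundled publication like this one against a device inventory, a parser for the advisory format used in the seven messages above, added here as an example that is not part of the digest or of Cisco's own tooling. The sample input is a constructed excerpt of messages 3 and 7; the record field names and the triage rule (no-workaround advisories first) are my own assumptions.

```python
import re

# Constructed sample: an excerpt of messages 3 and 7 from the digest above,
# trimmed to the fields the parser reads (80-column wrapping kept as posted).
SAMPLE_DIGEST = """\
Message: 3
Advisory ID: cisco-sa-20130925-wedge
Revision 1.0
Summary
=======
A vulnerability in the T1/E1 driver queue implementation of Cisco IOS Software
could allow an unauthenticated, remote attacker to cause an interface wedge.
Workarounds to mitigate this vulnerability are available.
Cisco has released free software updates that address this vulnerability.
------------------------------
Message: 7
Advisory ID: cisco-sa-20130925-ike
Revision 1.0
Summary
=======
A vulnerability in the Internet Key Exchange (IKE) protocol of Cisco IOS
Software and Cisco IOS XE Software could allow an unauthenticated, remote
attacker to cause a memory leak that could lead to a device reload.
Cisco has released free software updates that address this vulnerability. There
are no workarounds to mitigate this vulnerability.
------------------------------
"""

# The phrasings this bundle uses for workaround availability: "... are not
# available" / "There are no workarounds ..." versus "... is/are available".
_NO_WORKAROUND = re.compile(
    r"workarounds?\b[^.]*\bare not available|there are no workarounds", re.I)
_HAS_WORKAROUND = re.compile(
    r"workarounds?\b[^.]*\b(?:is|are) available", re.I)


def parse_digest(text):
    """Split a Mailman digest into one triage record per Cisco advisory."""
    records = []
    for msg in re.split(r"^-{20,}[ \t]*$", text, flags=re.M):
        m = re.search(r"^Advisory ID:\s*(\S+)", msg, re.M)
        if not m:
            continue  # list header/footer or a non-advisory message
        # The summary is everything after the "=======" underline.
        summary = msg.split("=======", 1)[-1]
        flat = " ".join(summary.split())  # undo the line wrapping
        records.append({
            "advisory_id": m.group(1),
            "workaround": bool(_HAS_WORKAROUND.search(flat))
            and not _NO_WORKAROUND.search(flat),
            "ios_xe": "Cisco IOS XE Software" in flat,
            "unauth_remote": "unauthenticated, remote attacker" in flat,
        })
    return records


def triage_order(records):
    """No-workaround advisories first: there, upgrading is the only mitigation."""
    return sorted(records, key=lambda r: (r["workaround"], r["advisory_id"]))
```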
_______________________________________________
sanog mailing list
[email protected]
https://lists.sanog.org/mailman/listinfo/sanog
End of sanog Digest, Vol 20, Issue 6
************************************