
Today's Topics:

   1. Cisco Security Advisory: Cisco IOS and IOS XE Software AAA
      Login Denial of Service Vulnerability
      (Cisco Systems Product Security Incident Response Team)
   2. Cisco Security Advisory: Cisco IOS Software Common Industrial
      Protocol Request Denial of Service Vulnerability
      (Cisco Systems Product Security Incident Response Team)
   3. Cisco Security Advisory: Cisco IOS and IOS XE Software DNS
      Forwarder Denial of Service Vulnerability
      (Cisco Systems Product Security Incident Response Team)
   4. Cisco Security Advisory: Cisco IOS XE Software NAT Denial of
      Service Vulnerability
      (Cisco Systems Product Security Incident Response Team)
   5. Cisco Security Advisory: Cisco IOS XE Software IP Fragment
      Reassembly Denial of Service Vulnerability
      (Cisco Systems Product Security Incident Response Team)
   6. Cisco Security Advisory: Cisco IOS and IOS XE Software H.323
      Message Validation Denial of Service Vulnerability
      (Cisco Systems Product Security Incident Response Team)


----------------------------------------------------------------------

Message: 1
Date: Wed, 28 Sep 2016 12:22:27 -0400
From: Cisco Systems Product Security Incident Response Team
        <[email protected]>
To: [email protected]
Subject: [SANOG] Cisco Security Advisory: Cisco IOS and IOS XE
        Software AAA Login Denial of Service Vulnerability
Message-ID: <[email protected]>
Content-Type: Text/Plain; charset="us-ascii"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE Software AAA Login Denial of 
Service Vulnerability

Advisory ID:  cisco-sa-20160928-aaados

Revision: 1.0

For Public Release: 2016 September 28 16:00  GMT

+------------------------------------------------------------------------------

Summary
=======

A vulnerability in the Authentication, Authorization, and Accounting (AAA) 
service for remote Secure Shell Host (SSH) connections to the device for Cisco 
IOS and IOS XE Software could allow an unauthenticated, remote attacker to 
cause the vulnerable device to reload.

The vulnerability is due to an error log message when a remote SSH connection 
to the device fails AAA authentication. An attacker could exploit this 
vulnerability by attempting to authenticate to the targeted device. An exploit 
could allow the attacker to cause a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There is a 
workaround that addresses this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aaados

This advisory is part of the September 28, 2016, release of the Cisco IOS and 
IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco 
Security Advisories that describe 11 vulnerabilities. All the vulnerabilities 
have a Security Impact Rating of High. For a complete list of the advisories 
and links to them, see Cisco Event Response: September 2016 Semiannual Cisco 
IOS and IOS XE Software Security Advisory Bundled Publication.

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----


------------------------------

Message: 2
Date: Wed, 28 Sep 2016 12:22:59 -0400
From: Cisco Systems Product Security Incident Response Team
        <[email protected]>
To: [email protected]
Subject: [SANOG] Cisco Security Advisory: Cisco IOS Software Common
        Industrial Protocol Request Denial of Service Vulnerability
Message-ID: <[email protected]>
Content-Type: Text/Plain; charset="us-ascii"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS Software Common Industrial Protocol Request 
Denial of Service Vulnerability

Advisory ID:  cisco-sa-20160928-cip

Revision: 1.0

For Public Release: 2016 September 28 16:00  GMT

+------------------------------------------------------------------------------

Summary
=======

A vulnerability in the Common Industrial Protocol (CIP) feature of Cisco IOS 
Software could allow an unauthenticated, remote attacker to create a denial of 
service (DoS) condition.

The vulnerability is due to a failure to properly process an unusual, but 
valid, set of requests to an affected device. An attacker could exploit this 
vulnerability by submitting a CIP message request designed to trigger the 
vulnerability to an affected device. An exploit could cause the switch to stop 
processing traffic, requiring a restart of the device to regain functionality.

Cisco has released software updates that address this vulnerability. There are 
no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip

This advisory is part of the September 28, 2016, release of the Cisco IOS and 
IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco 
Security Advisories that describe 11 vulnerabilities. All the vulnerabilities 
have a Security Impact Rating of High. For a complete list of the advisories 
and links to them, see Cisco Event Response: September 2016 Semiannual Cisco 
IOS and IOS XE Software Security Advisory Bundled Publication.

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----


------------------------------

Message: 3
Date: Wed, 28 Sep 2016 12:23:36 -0400
From: Cisco Systems Product Security Incident Response Team
        <[email protected]>
To: [email protected]
Subject: [SANOG] Cisco Security Advisory: Cisco IOS and IOS XE
        Software DNS Forwarder Denial of Service Vulnerability
Message-ID: <[email protected]>
Content-Type: Text/Plain; charset="us-ascii"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE Software DNS Forwarder Denial of 
Service Vulnerability

Advisory ID:  cisco-sa-20160928-dns

Revision: 1.0

For Public Release: 2016 September 28 16:00  GMT

+------------------------------------------------------------------------------

Summary
=======

A vulnerability in the DNS forwarder functionality of Cisco IOS and IOS XE 
Software could allow an unauthenticated, remote attacker to cause the device to 
reload, corrupt the information present in the device's local DNS cache, or 
read part of the process memory.

The vulnerability is due to a flaw in handling crafted DNS response messages. 
An attacker could exploit this vulnerability by intercepting and crafting a DNS 
response message to a client DNS query that was forwarded from the affected 
device to a DNS server. A successful exploit could cause the device to reload, 
resulting in a denial of service (DoS) condition or corruption of the local DNS 
cache information.

Cisco has released software updates that address this vulnerability. There are 
no workarounds that address this vulnerability. 

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns

This advisory is part of the September 28, 2016, release of the Cisco IOS and 
IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco 
Security Advisories that describe 11 vulnerabilities. All the vulnerabilities 
have a Security Impact Rating of High. For a complete list of the advisories 
and links to them, see Cisco Event Response: September 2016 Semiannual Cisco 
IOS and IOS XE Software Security Advisory Bundled Publication.

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----


------------------------------

Message: 4
Date: Wed, 28 Sep 2016 12:24:09 -0400
From: Cisco Systems Product Security Incident Response Team
        <[email protected]>
To: [email protected]
Subject: [SANOG] Cisco Security Advisory: Cisco IOS XE Software NAT
        Denial of Service Vulnerability
Message-ID: <[email protected]>
Content-Type: Text/Plain; charset="us-ascii"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS XE Software NAT Denial of Service 
Vulnerability

Advisory ID:  cisco-sa-20160928-esp-nat

Revision: 1.0

For Public Release: 2016 September 28 16:00  GMT

+------------------------------------------------------------------------------

Summary
=======

A vulnerability in the implementation of Network Address Translation (NAT) 
functionality in Cisco IOS XE Software could allow an unauthenticated, remote 
attacker to cause an affected device to reload.

The vulnerability is due to improper handling of malformed ICMP packets by the 
affected software. An attacker could exploit this vulnerability by sending 
crafted ICMP packets that require NAT processing by an affected device. A 
successful exploit could allow the attacker to cause the device to reload, 
resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are 
no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-esp-nat

This advisory is part of the September 28, 2016, release of the Cisco IOS and 
IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco 
Security Advisories that describe 11 vulnerabilities. All the vulnerabilities 
have a Security Impact Rating of High. For a complete list of the advisories 
and links to them, see Cisco Event Response: September 2016 Semiannual Cisco 
IOS and IOS XE Software Security Advisory Bundled Publication.

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----


------------------------------

Message: 5
Date: Wed, 28 Sep 2016 12:24:41 -0400
From: Cisco Systems Product Security Incident Response Team
        <[email protected]>
To: [email protected]
Subject: [SANOG] Cisco Security Advisory: Cisco IOS XE Software IP
        Fragment Reassembly Denial of Service Vulnerability
Message-ID: <[email protected]>
Content-Type: Text/Plain; charset="us-ascii"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS XE Software IP Fragment Reassembly Denial of 
Service Vulnerability

Advisory ID:  cisco-sa-20160928-frag

Revision: 1.0

For Public Release: 2016 September 28 16:00 GMT

+------------------------------------------------------------------------------

Summary
=======

A vulnerability in the IPv4 fragment reassembly function of Cisco IOS XE 
Software could allow an unauthenticated, remote attacker to cause an affected 
device to reload.

The vulnerability is due to the corruption of an internal data structure that 
occurs when the affected software reassembles an IPv4 packet. An attacker could 
exploit this vulnerability by sending crafted IPv4 fragments to an affected 
device. A successful exploit could allow the attacker to cause the device to 
reload, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are 
no workarounds that address this vulnerability. 

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-frag

This advisory is part of the September 28, 2016, release of the Cisco IOS and 
IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco 
Security Advisories that describe 11 vulnerabilities. All the vulnerabilities 
have a Security Impact Rating of High. For a complete list of the advisories 
and links to them, see Cisco Event Response: September 2016 Semiannual Cisco 
IOS and IOS XE Software Security Advisory Bundled Publication.

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

-----END PGP SIGNATURE-----


------------------------------

Message: 6
Date: Wed, 28 Sep 2016 12:25:14 -0400
From: Cisco Systems Product Security Incident Response Team
        <[email protected]>
To: [email protected]
Subject: [SANOG] Cisco Security Advisory: Cisco IOS and IOS XE
        Software H.323 Message Validation Denial of Service Vulnerability
Message-ID: <[email protected]>
Content-Type: Text/Plain; charset="us-ascii"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE Software H.323 Message Validation 
Denial of Service Vulnerability

Advisory ID:  cisco-sa-20160928-h323

Revision: 1.0

For Public Release: 2016 September 28 16:00  GMT

+------------------------------------------------------------------------------

Summary
=======

A vulnerability in the H.323 subsystem of Cisco IOS and IOS XE Software could 
allow an unauthenticated, remote attacker to create a denial of service (DoS) 
condition on an affected device.

The vulnerability is due to a failure to properly validate certain fields in an 
H.323 protocol suite message. When processing the malicious message, the 
affected device may attempt to access an invalid memory region, resulting in a 
crash. An attacker who can submit an H.323 packet designed to trigger the 
vulnerability could cause the affected device to crash and restart.

Cisco has released software updates that address this vulnerability. There are 
no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323

This advisory is part of the September 28, 2016, release of the Cisco IOS and 
IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco 
Security Advisories that describe 11 vulnerabilities. All the vulnerabilities 
have a Security Impact Rating of High. For a complete list of the advisories 
and links to them, see Cisco Event Response: September 2016 Semiannual Cisco 
IOS and IOS XE Software Security Advisory Bundled Publication.

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

-----END PGP SIGNATURE-----


------------------------------

End of sanog Digest, Vol 56, Issue 7
************************************
