Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsJob BoardISP NewsFAQsForumsToolsMapsAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Equipment Support » Hardware By Brand » Cisco » Cisco Field Notices and Security Advisories
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Submit a new forum topic ·Forum FAQ ·Submit a FAQ ·Docs Guidelines and Advisories ·EOS/EOL thread
AuthorAll Replies

tdoran
Premium
join:2003-09-27
Ridge, NY

reply to skj
Cisco Security Advisory: Vulnerability In Crypto Library

Title: Cisco Security Advisory: Vulnerability In Crypto Library

URL:
»www.cisco.com/en/US/customer/pro···5d.shtml
(available to registered users)

»www.cisco.com/en/US/products/pro···5d.shtml
(available to non-registered users)

Posted: May 22, 2007

Summary: A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password).

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previusly encrypted information.

The vulnerable cryptographic library is used in the following Cisco products:

Cisco IOS
Cisco IOS XR
Cisco PIX and ASA Security Appliances
Cisco Firewall Service Module (FWSM)
Cisco Unified CallManager

This vulnerability is assigned CVE ID CVE-2006-3894. It is externally coordinated and is tracked by the following external coordinators:

JPCERT/CC - tracked as JVNVU#754281

CPNI - tracked as NISCC-362917

CERT/CC - tracked as VU#754281

Cisco has made free software available to address this vulnerability for affected customers.

There are no workarounds available to mitigate the effects of the vulnerability.

to forum · permalink · · 2007-05-22 21:42:33 · Reply to this
-
Forums » Equipment Support » Hardware By Brand » Cisco

Wednesday, 20-Aug 19:44:53 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 9 years online! © 1999-2008 dslreports.com.
page compression OFF
Most commented news this week
· [93] Was FiOS a Good Idea?
· [77] Landscaping, Courtesy of AT&T?
· [70] ISPs Whine About Network Neutrality 'Paranoia'
· [61] FCC Finally Issues Comcast Throttling Order
· [55] Google Launches White Space Broadband Website
· [53] Craig Moffett: Network Upgrades Are For Ninnies
· [52] Qwest, Unions Strike Deal
· [49] Olympics Didn't Cause The Exaflood
· [49] AT&T Cooking Up New VoIP Product
· [44] First Android Phone Gets FCC Approval
Most people now reading
· How I Stole Someone's Identity [Security]
· Unsupported Computer Configuration [AT&T Southeast]
· [XP Home] FAT32 vs NTFS [Microsoft help]
· [iPhone] 2.0.2 firmware is out, Please post outcome [All things Macintosh]
· [Connectivity] Sandvine kills more than just P2P [Comcast HSI]
· MA Realignment [Verizon FIOS TV]
· VoIP and the 911 dilemma [VOIP Tech Chat]
· How do you file things on your computer? [General Questions]
· DIR-655 Firmware 1.20 Released [D-Link]
· [TWC] Powerboost... how long is it supposed to last [Road Runner]