[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
From: Cisco Systems Product Security Incident Response Team <psirt@xxxxxxxxx>
Date: Wed, 21 Oct 2015 12:42:20 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service 
Vulnerability

Advisory ID: cisco-sa-20150115-asa-dhcp

Revision 2.0

For Public Release 2015 January 15 17:54  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security 
Appliance (ASA) software could allow an unauthenticated, remote attacker to 
cause an affected device to reload.

The vulnerability is due to insufficient validation of DHCPv6 packets. Cisco 
ASA Software is affected by this vulnerability only if the software is 
configured with the DHCPv6 relay feature. An attacker could exploit this 
vulnerability by sending crafted DHCPv6 packets to an affected device.

Cisco has released software updates that address this vulnerability. 
Workarounds that mitigate this vulnerability are not available. This advisory 
is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150115-asa-dhcp

Note: This advisory has been updated to revision 2.0. Please consult the full 
advisory at the following link for details on what has been updated:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150115-asa-dhcp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJWJ6q8AAoJEIpI1I6i1Mx3p2EP/1ziOGOAXyxGFpqmNI5SLR/S
x31LjrPOd+C858V98nlt79VHk+YRPmUXw7oJwcLpwUVv7z8S3e4BIgHv0hDodAER
x3DeKiwb1O2IXubTe+SQ4CZgz648bwGBoc7IqqBw/9GKeZqdJDfbReKSpQpSM+0j
Q0fvmba8NwcCYbQPAcYn971hinsgf+503CnT4EUNvaFNXSYZI66G/MnuRi22CMX5
Kh7u8XcIQ3UqjsLxMWk2hstEzvOZQpapsafYqB6VVX16amSl+YZRB59MufTYVqtY
HUrKOfe4RWzzkjKEGSozc254xoWvUpECv/MWtzJf4KV/rwPA9hu2ZS8b/WYYKYh/
ONlXKcOlqakmdchKuucNRC48TQf6+uU+DBHK1XuvSl2d8594Ne/C8+81hzgyk+tj
Ny4U1xSxVtMjAhpgcc6tCqFKemB8uc2zKWt2iocKKp5ReBubhhNC9pTQlq8hYVJU
6JKePHa9Qays0Yo3ZIVHG87Hyx3Z7EJ8xmZQz8j082UrGkilt1WX5AvvX/ubVtMp
EzhGojH546f67U+IjPsNkUBEvidJ28Zp0gF/9UHHn90PyE8K5uAwugHdbEFVnYOG
JVEHbhV0l/4g3aihBBzqHR5W4PMk9biWiMYVFNaSqfHxmr9D+KnykvtQ89ctBj1h
W60bFA/v8p432Pe/xSUp
=cVyH
-----END PGP SIGNATURE-----

Prev by Date: SiteWIX - (edit_photo2.php id) SQL Injection Exploit
Next by Date: Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
Previous by thread: SiteWIX - (edit_photo2.php id) SQL Injection Exploit
Next by thread: Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
Index(es):
- Date
- Thread