[SA34607] Cisco ASA and PIX Multiple Vulnerabilities

----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia
report for 2008.

Highlights from the 2008 report:
* Vulnerability Research
* Software Inspection Results
* Secunia Research Highlights
* Secunia Advisory Statistics

Request the full 2008 Report here:
http://secunia.com/advisories/try_vi/request_2008_report/

Stay Secure,

Secunia


----------------------------------------------------------------------

TITLE:
Cisco ASA and PIX Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA34607

VERIFY ADVISORY:
http://secunia.com/advisories/34607/

DESCRIPTION:
Some vulnerabilities have been reported in Cisco ASA and PIX
appliances, which can be exploited by malicious people to bypass
certain security restrictions or to cause a DoS (Denial of Service).

1) An unspecified error exists in the Cisco ASA and Cisco PIX
security appliances, which can be exploited to bypass authentication
when the "override account" feature is enabled.

This vulnerability is reported in Cisco ASA and PIX software versions
7.1, 7.2, 8.0, and 8.1.

2) An unspecified error in the processing of HTTP packets can be
exploited to cause a reload by sending a specially crafted SSL or
HTTP packet to a Cisco ASA device that is configured to terminate SSL
VPN connections or to an interface where ASDM access is enabled.

This vulnerability is reported in Cisco ASA software versions 8.0 and
8.1.

3) A memory leak in the processing of TCP packets can be exploited to
cause a DoS by sending specially crafted TCP packets to a TCP-based
service on an affected device.

This vulnerability is reported in Cisco ASA and Cisco PIX security
appliances running versions 7.0, 7.1, 7.2, 8.0, and 8.1 with any of
the following features enabled:

* SSL VPNs
* ASDM Administrative Access
* Telnet Access
* SSH Access
* Cisco Tunneling Control Protocol (cTCP) for Remote Access VPNs
* Virtual Telnet
* Virtual HTTP
* Transport Layer Security (TLS) Proxy for Encrypted Voice Inspection
* Cut-Through Proxy for Network Access
* TCP Intercept

4) An unspecified error in the H.323 inspection can be exploited to
cause a reload of an affected device via specially crafted H.323
packets.

This vulnerability is reported in Cisco ASA and Cisco PIX software
versions 7.0, 7.1, 7.2, 8.0, and 8.1.

5) An unspecified error in the SQL*Net inspection can be exploited to
cause a reload of an affected device via specially crafted SQL*Net
packets.

This vulnerability is reported in Cisco ASA and Cisco PIX software
versions 7.2, 8.0, and 8.1.

6) An unspecified error can be exploited to bypass the implicit deny
behavior when handling Access Control Lists.

This vulnerability is reported in Cisco ASA and Cisco PIX software
versions 7.0, 7.1, 7.2, and 8.0.
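The six items above each carry their own affected-version list and, for
items 1 to 3, a configuration precondition. The following Python triage
helper is an added example (not part of the Secunia or Cisco advisory) that
encodes exactly those lists so a fleet of devices can be screened for which
items apply before patching. The feature names it uses (e.g. "ssl_vpn",
"override_account") are assumed identifiers chosen for this example, not
Cisco configuration keywords, and the version strings in the demo are
constructed.

```python
import re

# Affected major.minor software trains per advisory item, transcribed
# from the advisory text above.
AFFECTED = {
    1: {"7.1", "7.2", "8.0", "8.1"},
    2: {"8.0", "8.1"},
    3: {"7.0", "7.1", "7.2", "8.0", "8.1"},
    4: {"7.0", "7.1", "7.2", "8.0", "8.1"},
    5: {"7.2", "8.0", "8.1"},
    6: {"7.0", "7.1", "7.2", "8.0"},
}

# Assumed identifiers (not Cisco keywords) for the ten TCP-based services
# the advisory lists as preconditions for item 3.
TCP_SERVICES = {
    "ssl_vpn", "asdm", "telnet", "ssh", "ctcp", "virtual_telnet",
    "virtual_http", "tls_proxy", "cut_through_proxy", "tcp_intercept",
}

# Matches "8.0", "8.0(4)" and interim builds such as "7.2(4)32".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\((\d+)\))?")


def version_train(version):
    """Reduce a Cisco version string to its major.minor train, which is
    the granularity at which the advisory states affected versions."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return f"{m.group(1)}.{m.group(2)}"


def applicable_issues(platform, version, features=()):
    """Return the sorted advisory item numbers that apply to one device.

    platform: "ASA" or "PIX"
    version:  running software version string, e.g. "8.0(4)"
    features: enabled features, drawn from TCP_SERVICES plus
              "override_account" (item 1)
    """
    platform = platform.upper()
    if platform not in ("ASA", "PIX"):
        raise ValueError("platform must be 'ASA' or 'PIX'")
    train = version_train(version)
    features = set(features)
    hits = []
    # 1) authentication bypass applies only with "override account" enabled
    if train in AFFECTED[1] and "override_account" in features:
        hits.append(1)
    # 2) ASA only; exposed where SSL VPN is terminated or ASDM is enabled
    if platform == "ASA" and train in AFFECTED[2] \
            and features & {"ssl_vpn", "asdm"}:
        hits.append(2)
    # 3) TCP memory leak needs at least one listed TCP-based service
    if train in AFFECTED[3] and features & TCP_SERVICES:
        hits.append(3)
    # 4) H.323 and 5) SQL*Net inspection: the advisory states no feature
    #    precondition, so these are flagged on version alone
    if train in AFFECTED[4]:
        hits.append(4)
    if train in AFFECTED[5]:
        hits.append(5)
    # 6) ACL implicit-deny bypass
    if train in AFFECTED[6]:
        hits.append(6)
    return hits


if __name__ == "__main__":
    # Constructed sample inventory for demonstration only.
    inventory = [
        ("edge-fw-1", "ASA", "8.1(2)", {"ssl_vpn", "ssh"}),
        ("dmz-pix-1", "PIX", "8.0(4)", {"override_account", "ssh"}),
        ("lab-asa-1", "ASA", "7.0(8)", set()),
        ("old-pix-1", "PIX", "6.3(5)", {"telnet"}),
    ]
    for name, platform, version, features in inventory:
        print(f"{name:10} {platform} {version:8} -> items "
              f"{applicable_issues(platform, version, features)}")
```

A device is screened on its software train only; the advisory gives no
fixed build numbers, so a device on an affected train is reported as
affected until it has been moved to a fixed release from the vendor
advisory.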

SOLUTION:
Update to the fixed versions (please see the vendor advisory for
patch information).

PROVIDED AND/OR DISCOVERED BY:
3) The vendor credits Gregory W. MacPherson and Robert J. Combo from
Verizon Business.
6) The vendor credits Jon Ramsey, Jeff Jarmoc, and Fernando Medrano
from SecureWorks.

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml

OTHER REFERENCES:
http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a99518.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
