Archive :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: Cisco PIX embryonic state machine 1b data DoS



> -----Original Message-----
> From: Randy Ivener (rivener) [mailto:rivener@xxxxxxxxx] 
> Sent: Wednesday, March 08, 2006 12:54 AM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Cc: mlists@xxxxxxxxxx
> Subject: RE: Cisco PIX embryonic state machine 1b data DoS
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Cisco Response
> ==============
> 
> This is Cisco PSIRT's response to the statements made by Arhont Ltd.-
> Information Security in their messages: 
> "Cisco PIX embryonic state machine 1b data DoS"
> and 
> "Cisco PIX embryonic state machine TTL(n-1) DoS"
> both posted on March 7, 2006.
> 
> Attached is a cleartext, PGP signed version of this same email.
> 
> The original emails are available at:  
> http://www.securityfocus.com/archive/1/426989/30/0/threaded
> and    
> http://www.securityfocus.com/archive/1/426991/30/0/threaded
> 
> These issues have the same root cause that was documented in Arhont
> Ltd.- Information Security's message: 
> "[Full-disclosure] Cisco PIX TCP Connection Prevention",
> posted on November 22, 2005 at: 
> http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038971.html
> 
> As detailed in our reply also dated November 22, 2005, this issue is
> being tracked by two Cisco Bug ID's:
> 
> 
>   * CSCsc14915 -- PIX 6.3 Spoofed TCP SYN packets can block
>     legitimate TCP connections
>     This Bug ID tracks the issue for PIX software version 6.3 and
>     older. This DDTS is resolved and available in PIX software
>     version 6.3(5.106). There are workarounds available to mitigate
>     the issue.
> 
> 
>   * CSCsc16014 -- PIX 7.0 Spoofed TCP SYN packets can block
>     legitimate TCP connections
>     This Bug ID tracks the issue for PIX/ASA software version 7.0.
>     This DDTS is resolved and available in PIX/ASA software versions
>     7.0(4.005) and 7.1(1). Additional mitigations and workarounds
>     exist to limit or eliminate the issue.
> 
> 
> Our November 22, 2005 reply is available at:
> http://www.cisco.com/warp/public/707/cisco-response-20051122-pix.shtml
> 
> We would like to thank Arhont Ltd.- Information Security for ensuring
> that these issues were previously addressed as well.
> 
> We greatly appreciate the opportunity to work with researchers on
> security vulnerabilities, and welcome the opportunity to review and
> assist in product reports.
> 
> 
> Additional Information
> ======================
> 
> There have been updates to the information available for these two
> Bug ID's since November 22, 2005. The updated Release Note Enclosures
> are available at:
> 
> 
> CSCsc14915 -- PIX 6.3 Spoofed TCP SYN packets can block legitimate
> TCP connections
> 
> http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsc14915
> (registered customers only:
> http://tools.cisco.com/RPF/register/register.do)
> 
> 
> CSCsc16014 -- PIX 7.0 Spoofed TCP SYN packets can block legitimate
> TCP connections
> 
> http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsc16014
> (registered customers only:
> http://tools.cisco.com/RPF/register/register.do)
> 
> 
> Cisco Security Procedures
> =========================
> 
> Complete information on reporting security vulnerabilities in Cisco
> products, obtaining assistance with security incidents, and
> registering to receive security information from Cisco, is available
> on Cisco's worldwide website at 
> http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
> This includes instructions for press inquiries regarding Cisco 
> security notices. All Cisco security advisories are available at 
> http://www.cisco.com/go/psirt 
> 
> 
> Regards, 
> Randy 
> 
> Randy Ivener
> Product Security Incident Response Team (PSIRT)
> Cisco Systems, Inc.
> rivener@xxxxxxxxx 
> http://www.cisco.com/go/psirt
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.1
> 
> iQA/AwUBRA4AxW4/EyDEWh8IEQIQqgCgrwslVgYEzO1A5Rj3d9/AWeXg7GsAoNzC
> +6AAI0jL5lAIkBM7Zb/RdTqM
> =BOJ5
> -----END PGP SIGNATURE-----
> 
Copyright © Lexa Software, 1996-2009.