The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[NEWS] Cisco VPN 3000 Concentrator SSL DoS


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
From: SecuriTeam <support@securiteam.com.>
To: [email protected]
Date: 31 Mar 2005 18:06:48 +0200
Subject: [NEWS] Cisco VPN 3000 Concentrator SSL DoS
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20050403101328.43C7057F4@mail.tyumen.ru.>
X-Virus-Scanned: antivirus-gw at tyumen.ru

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -




  Cisco VPN 3000 Concentrator SSL DoS
------------------------------------------------------------------------


SUMMARY

The Cisco VPN 3000 series concentrators are a family of purpose-built, 
remote access Virtual Private Network (VPN) platforms for data encryption 
and authentication.

A malicious user may be able to send a crafted attack via SSL (Secure 
Sockets Layer) to Cisco's VPN concentrators leading it to reload, and/or 
drop user connections.

DETAILS

Vulnerable Systems:
 * Cisco VPN series that includes the models 3005, 3015, 3020, 3030, 3060, 
3080 and the Cisco VPN 3002 Hardware Client.

Secure Sockets Layer (SSL) is a protocol used to encrypt the data 
transferred over a TCP session. SSL in Cisco products is mainly used by 
the HyperText Transfer Protocol Secure (HTTPS) web service for which the 
default TCP port is 443. Due to this vulnerability, a malicious user may 
send crafted HTTPS packets which may result in a reload of the affected 
device or and/or user connections being dropped.

The affected products are only vulnerable if they have the HTTPS service 
enabled and the access to the service is not limited to trusted hosts or 
network management workstations. By default, HTTPS is not enabled on VPN 
3000 devices, and must be manually enabled. Affected devices are not 
vulnerable to transit traffic, only traffic that is destined to them may 
exploit this vulnerability.

To check if the HTTPS service is enabled, one can do the following:
1. Check the configuration on the device to verify the status of the HTTPS
service.
2. Try to connect to the device using a standard web browser that supports 
SSL
using a URL similar to https://ip_address_of_device/.

No authentication is required to exploit this vulnerability.

Successful exploitation of this vulnerability may result in a reload of 
the affected device or and/or user connections being dropped. Repeated 
exploitation of this vulnerability could result in a sustained Denial of 
Service.

Vendor Status:
Cisco VPN 3000 series users can upgrade to version 4.1.7.B or later 
software to resolve this vulnerability.


ADDITIONAL INFORMATION

The information has been provided by  <mailto:psirt@cisco.com.> Cisco 
Systems Product Security Incident Response Team.
The original article can be found at:  
<http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml>; 
http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml




This bulletin is sent to members of the SecuriTeam mailing list. To unsubscribe from the list, send mail with an empty subject line and body to: [email protected] In order to subscribe to the mailing list, simply forward this email to: [email protected]

DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру