Secunia Security Advisory - A vulnerability has been reported in Cisco CSS (Content Services Switch), which can be exploited by malicious users to bypass certain security restrictions.
----------------------------------------------------------------------
TITLE:
Cisco CSS SSL Authentication Bypass Vulnerability
SECUNIA ADVISORY ID:
SA16761
VERIFY ADVISORY:
http://secunia.com/advisories/16761/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass
WHERE:
From remote
OPERATING SYSTEM:
Cisco Content Services Switch 11500 Series
http://secunia.com/product/5680/
DESCRIPTION:
A vulnerability has been reported in Cisco CSS (Content Services
Switch), which can be exploited by malicious users to bypass certain
security restrictions.
The vulnerability is caused by an error in handling the case where
SSL clients fail to renegotiate the SSL session. This can be
exploited to bypass client certificate authentication and may allow
access to protected content.
Successful exploitation requires that client authentication using SSL
certificates is enabled.
The vulnerability has been reported in the following products:
* Cisco CSS 11500 Series Content Services Switches with the
CSS5-SSL-K9 SSL module
* Cisco 11501 Content Services Switch with SSL (CSS11501S-K9)
SOLUTION:
Fixes are available (see patch matrix in vendor advisory).
http://www.cisco.com/warp/public/707/cisco-sn-20050908-css.shtml#swv
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sn-20050908-css.shtml
----------------------------------------------------------------------