Secunia Security Advisory - Some vulnerabilities have been reported in Cisco PIX and ASA, which can be exploited by malicious users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service).
6093dead6b3cde678f818e2b3105107b677bf3130eff0de8c6007252851f05df
----------------------------------------------------------------------
Secunia is proud to announce the availability of the Secunia Software
Inspector.
The Secunia Software Inspector is a free service that detects insecure
versions of software that you may have installed in your system. When
insecure versions are detected, the Secunia Software Inspector also
provides thorough guidelines for updating the software to the latest
secure version from the vendor.
Try it out online:
http://secunia.com/software_inspector/
----------------------------------------------------------------------
TITLE:
Cisco PIX and ASA Privilege Escalation and Denial of Service
SECUNIA ADVISORY ID:
SA24160
VERIFY ADVISORY:
http://secunia.com/advisories/24160/
CRITICAL:
Moderately critical
IMPACT:
Privilege escalation, DoS
WHERE:
>From remote
OPERATING SYSTEM:
Cisco PIX 7.x
http://secunia.com/product/6102/
Cisco Adaptive Security Appliance (ASA) 7.x
http://secunia.com/product/6115/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco PIX and ASA, which
can be exploited by malicious users to gain escalated privileges and
by malicious people to cause a DoS (Denial of Service).
1) An unspecified error exists within the enhanced HTTP inspection
feature. This can be exploited to crash the device via malformed HTTP
requests, but requires that enhanced HTTP inspection is enabled.
2) An unspecified error exists within the SIP packet inspection. This
can be exploited to crash the device by sending specially crafted SIP
packets, but requires that "inspect" is enabled (it is disabled by
default).
3) An unspecified error exists within the TCP-based protocol
inspection. This can be exploited to crash the device via malformed
packets, but requires that inspection of TCP-based protocols (e.g.
FTP or HTTP) is enabled.
4) An unspecified error within the "LOCAL" authentication method can
be exploited to gain escalated privileges. Successful exploitation
allows gaining privilege level 15 and changing the complete
configuration of the device, but requires that the attacker can
authenticate to the device and that he is defined in the local
database with privilege level 0.
SOLUTION:
Apply updated versions. See the vendor advisory for a patch matrix.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20070214-pix.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------