SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Device (Router/Bridge/Hub)  >  Cisco VPN 3000 Concentrator Vendors:  Cisco
Cisco VPN 3000 Concentrator Bug in HTTP Service Lets Remote Users Deny Service
SecurityTracker Alert ID:  1015546
SecurityTracker URL:  http://securitytracker.com/id?1015546
CVE Reference:  CVE-2006-0483   (Links to External Site)
OSVDB Reference:  22754   (Links to External Site)
Updated:  Apr 26 2006
Original Entry Date:  Jan 26 2006
Impact:  Denial of service via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Advisory:  Cisco Security Advisory
Version(s): 4.7.0 through 4.7.2.B
Description:  A vulnerability was reported in Cisco VPN 3000 Concentrator. A remote user can cause denial of service conditions.

A remote user can send a small series of specially crafted HTTP packet to the target concentrator to cause the target device to halt and drop user connections. A remote user can also generate connections to the HTTP port to cause excessive memory and other resource consumption. As a result, concentrator may stall and drop user connections.

In both cases, the power must be reset to return the system to normal operations.

The system is only vulnerable if the HTTP service is enabled (the default configuration).

Only HTTP packets sent to the target device can exploit this flaw. HTTP traffic that traverses the device cannot exploit this flaw.

Models 3005, 3015, 3020, 3030, 3060, and 3080 are affected.

Cisco has assigned Bug ID CSCsb77324 and CSCsd26340 to this vulnerability.

This vulnerability was discovered by Eldon Sprickerhoff of eSentire and disclosed at the ShmooCon security conference on January 12, 2006.
Impact:  A remote user can cause the target device to halt. User connections will be dropped. A power reset is required to return the system to normal operations.
Solution:  The vendor has issued a new version (4.7.2.F and later), available at:

http://www.cisco.com/pcgi-bin/tablebuild.pl/vpn3000-3des

The vendor's advisory is available at:

http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml
Vendor URL:  www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml (Links to External Site)
Cause:  Exception handling error

Message History:   None.

 Source Message Contents
Date:  Thu, 26 Jan 2006 15:53:05 -0500
Subject:  Cisco Security Advisory:Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack

 
 
http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2006, SecurityGlobal.net LLC