(Cisco Issues Advisory for Cisco Content Security Management Appliance Update Servers) OpenSSL Multiple Bugs Let Remote Users Cause the Target Service to Crash - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: Device (Embedded Server/Appliance) > Cisco Content Security Management Appliance

(Cisco Issues Advisory for Cisco Content Security Management Appliance Update Servers) OpenSSL Multiple Bugs Let Remote Users Cause the Target Service to Crash

SecurityTracker Alert ID: 1036924

SecurityTracker URL: http://securitytracker.com/id/1036924

CVE Reference: CVE-2016-6302, CVE-2016-6303, CVE-2016-6306 (Links to External Site)

Date: Sep 29 2016

Impact: Denial of service via network

Vendor Confirmed: Yes

Description: Multiple vulnerabilities were reported in OpenSSL. A remote user can cause the target service or application to crash. Cisco Content Security Management Appliance Update Servers are affected.

A remote user can send a specially crafted SHA512 TLS session ticket to trigger an out-of-bounds memory read error and cause the target server to crash [CVE-2016-6302].

A remote user can trigger an integer overflow in the MDC2_Update() function in 'crypto/mdc2/mdc2dgst.c' and cause the target service to crash in certain cases [CVE-2016-6303].

A remote user can trigger an out-of-bounds memory read error in the processing of certain TLS/SSL protocol handshake messages and cause the target application or service to crash [CVE-2016-6306]. Version 1.1.0 is not affected.

A remote user can trigger a memory allocation error in tls_get_message_header() to temporarily consume excessive memory resources on the target system [CVE-2016-6307]. DTLS users are not affected. Version 1.1.0 is affected.

A remote user can trigger a memory allocation error in dtls1_preprocess_fragment() to temporarily consume excessive memory resources on the target system [CVE-2016-6308]. TLS users are not affected. Version 1.1.0 is affected.

Shi Lei (Gear Team, Qihoo 360 Inc.) reported these vulnerabilities.

Impact: A remote user can cause the target service or application to crash.

Solution: Cisco has issued an advisory for CVE-2016-6302, CVE-2016-6303, and CVE-2016-6306 for Cisco Content Security Management Appliance Update Servers.

The Cisco advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

Vendor URL: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl (Links to External Site)

Cause: Access control error, Boundary error, Resource error

Message History: This archive entry is a follow-up to the message listed below.

OpenSSL Multiple Bugs Let Remote Users Cause the Target Service to Crash

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2022, SecurityGlobal.net LLC