Multiple vulnerabilities in Cisco IOS SSL implementation

Published: 2007-05-22
Last Updated: 2007-05-22 21:38:07 UTC
by Bojan Zdrnja (Version: 1)
0 comment(s)
Cisco published an advisory about multiple vulnerabilities in their IOS SSL implementation (http://www.cisco.com/en/US/products/products_security_advisory09186a0080847c49.shtml).
Several SSL messages (ClientHello, ChangeCipherSpec and Finished), when malformed, can cause Cisco IOS devices to crash.

Cisco said that this is only a DoS attack (no code execution seems to be possible) but as there are a lot of affected devices you should either install the patch or follow the workarounds (which are to disable the affected service(s)).

Thanks to Marc, CJ and Jim.
Keywords:
0 comment(s)

Comments


Diary Archives