Cisco IOS and IOS XE: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2283
                   Cisco IOS and IOS XE Vulnerabilities
                             29 September 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco IOS and IOS XE
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-6393 CVE-2016-6392 CVE-2016-6391
                   CVE-2016-6386 CVE-2016-6385 CVE-2016-6384
                   CVE-2016-6382 CVE-2016-6381 CVE-2016-6380
                   CVE-2016-6379 CVE-2016-6378 

Original Bulletin: 
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-frag
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-esp-nat
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aaados
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ipdr
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ios-ikev1
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi

Comment: This bulletin contains ten (10) Cisco Systems security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability

Advisory ID:  cisco-sa-20160928-cip

Revison: 1.0

For Public Release: 2016 September 28 16:00  GMT

+------------------------------------------------------------------------------

Summary
=======

A vulnerability in the Common Industrial Protocol (CIP) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition.

The vulnerability is due to a failure to properly process an unusual, but valid, set of requests to an affected device. An attacker could exploit this vulnerability by submitting a CIP message request designed to trigger the vulnerability to an affected device. An exploit could cause the switch to stop processing traffic, requiring a restart of the device to regain functionality.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJX6vssAAoJEK89gD3EAJB55BcP/3jsgDFYqZpxEZUO2ZJaXn/I
cgITUamc+GyA2e7GSr6PEFqH8IY2GjIqw9+yeJY3GLbI5yD7tr7W0ssZHR/8zKlA
Vd2Cii5IPb0MScMMD9pr4jVzEDH8t3HbBIltM3/3v9Xhrf6u+NgxHXb1V9sJpXOQ
Q+2FUNsnPHq0xP1/ukdL+NkO/Znil5HasxNlCDSQHzCEg3+Gv6lUIXsCd3fdYeS9
UfWwXTEM3/2cPMC2sNst4k59T6p9t5wC010OqmWkkyqy0+poyWGmqv8upX7iwq+C
Z+RprABHZh5lJIrk31bAJRTdRpe1iAwRQw/FBU3AkxTMZpE1JiDOPqEKXpvIm4MF
UKCBXKibP1TAZnpa/Od59xpeOZ7lm7Iyr5J394s+ke1J3g8avbU7t9tglIYuBkCx
rRbcik5osYpRq0Fy7YzAFNb7SG4RlrLjunU/A/ieDMVTyQ+areRl0vdd5F7Z0bDF
+fowEopXbgFTWl1FdKFXa0wtwnY+YDYKYzqUfLYeeyLjxNWrj52HVNA+L5ICd/N3
gyBgbDHnLvBn7WlTJdlW4DATG/hUyme0vZRWnIH8QDR5T+U6gWWCTme9ljnsL+qO
DFZrDRpgCbC3qbAD8mDHjvDStoq2gMlx4vdfkdeOC3l2dGtfRt30XdKXQ1mYumH6
6ajuf0yVKs/g0HJJ97Rd
=Jpzz
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS XE Software IP Fragment Reassembly Denial of Service Vulnerability

Advisory ID:  cisco-sa-20160928-frag

Revision: 1.0

For Public Release: 2016 September 28 16:00 GMT

+------------------------------------------------------------------------------

Summary
=======

A vulnerability in the IPv4 fragment reassembly function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

The vulnerability is due to the corruption of an internal data structure that occurs when the affected software reassembles an IPv4 packet. An attacker could exploit this vulnerability by sending crafted IPv4 fragments to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-frag

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJX6vssAAoJEK89gD3EAJB5sbMQALq6iWNFj/itLZc129dgqq/x
zNdAxTVmQIurF1ak4RpTLzNPJM0KY19ymXVOe7+K5vEz3mkP59J5T7vzNhR+sDUa
DMV0ytPhXSmVQXxDBYE3ChiVCcSoDcStK8pE50aHY5Fh31pUsFZQSsE44mTOA9f+
IW8DRJEwZghifgefBFbv5EncepVof7GoZAaeYaefhGevkIBLIjf8YOZWiDbB3taH
UW0+Y7mdKxTYFP/z80kin/xrVYbSYfcrjlKs7OFPUeKXx1Mlq+HeNRYE06H5mm5B
9uKJ2+AdnJ4CTZORiQ+/1DeDp1SL5PWpQpGH511kJvDNTEE94qO4uoRU38fsS8V8
dyA0A+vHszWr2Pm6pYXoaY7UjO+0TpAeTQF6jnCjpQkSNMNevBanG/z9OGir6P9T
DVhWajmXwL9AI02yy8irulpfgCpnN6i2HiTLRPb/UPuELh5rlkv6B9N7qvirWiUY
L+8Wel3dXa7tWIBcKC60bciaxeiYkn3ztyE9OixS9xkdZIzV3r15/I4+LXZbSq3z
TzVU1eg1qRQsY4EauIMpBeMEfU14dgpnqAE6zbi3GsZy1GEL27VoDEVYF7qX6zPe
Eodo2gPk9HgVbRiaK5gj4rREVmEkeXJCK7mJG82asiCByvaJ1wDBMPUtwtKsm+nE
YWqDvhZqr1gIfWoEwAD9
=/dTu
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS XE Software NAT Denial of Service Vulnerability

Advisory ID:  cisco-sa-20160928-esp-nat

Revision: 1.0

For Public Release: 2016 September 28 16:00  GMT

+------------------------------------------------------------------------------

Summary
=======

A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

The vulnerability is due to improper handling of malformed ICMP packets by the affected software. An attacker could exploit this vulnerability by sending crafted ICMP packets that require NAT processing by an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-esp-nat

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJX6vssAAoJEK89gD3EAJB55ZkQAK3+Rm0PWnY7f1hzQe/svkhg
lh6oi0Kg7UfdHcBpqMd3N/zYTePjD/DTwbGAV0vtgMhPGAEg0Q0L90GE4H5zudgU
FktSxr15lKSXpZFooUjQFUSKjqTgDoxV/l0LGy/QqLx4kILHucQly6L34n5O4v1q
OdrGjMKzGlG2AIxZOK9VL1Cbvh/XdXInmiOTfjcJrxJ+MMGtK2owJVo6n5jmiaIK
7gIfFdZmI6ODKX47SmRQRe5QWj0pB37zN+RO6N2tN2FHXu/3Wyt4O0SAvbCHhcWu
dxRZRhcGUb97xHAJnY5hGRNP25hecl6blq5LLE8vt8G1IIMZGaDFVk+fu96IZ8EC
sNgcX9McYdlKTfGfTcgVJwzBp+sFHgrLZngY4xOMKOCKssKT44kO7/WnKVu4jyeQ
2jtaWm9s46dbXWm7poqy4aHlP7tSC9miZXyR25yOUSJqWSyhFRBNsiixuw3ocJtT
oBm75amZwqNbxZAM4MdA4h4KCfzM/w6WtBGNr1sGzoP0E5oKrSgKLIpYV6QE4916
lq4GPn7v3wXKIoHNskuNivnAEKspn5qy3RkJ6cdb9HfFrjyq4ylXDBiwsG2gzCoA
7sJRBxRTe97iDwI/33BtFtYBtpwbHlnD5+ldZb4mRjfKUHPJ2jzgRo4WEvRoOW9C
0dgRoK3Me1LL/+ULExyS
=OKzi
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability

Advisory ID:  cisco-sa-20160928-aaados

Revision: 1.0

For Public Release: 2016 September 28 16:00  GMT

+------------------------------------------------------------------------------

Summary
=======

A vulnerability in the Authentication, Authorization, and Accounting (AAA) service for remote Secure Shell Host (SSH) connections to the device for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the vulnerable device to reload.

The vulnerability is due to an error log message when a remote SSH connection to the device fails AAA authentication. An attacker could exploit this vulnerability by attempting to authenticate to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aaados

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJX6vssAAoJEK89gD3EAJB5QhAQAK1qcs2Tofs/jtgm6V8kf6/T
KF1o/mYTtsWhv+ktaYNGRWQAwRmeBksGPfkeDuYmj4uhtRiPAUwDknbBVnXd24Yv
RYeyS8tULGH/PYUZnWOcxc3dee/+OMBnJjkbY3MMtb2dfwXOOKqIShrKoBvp8ZFc
GBbD2vqh86qxPTS9OUgPrR2RcmeqC7GwAV/iCIYJs/lX1E/BjgCbW2YHNBFUwOk4
f7v/fB5eeFjTT/PTgVZXkJJXMgG1P3z8qDZLkwUtvMrdOixz/3d4T3Cfro90mrBV
l6TXdTQ+r/rHGRLhqE/m3eTKGK5471WoeiPbS40WBuDQN2h/Li52s9B7oIpTX7eL
UeZ7BpjxhRzJqB48mWRnmRh8kiXykgcnCiE5PTEKtuo5HMRmj84Q8vxqNy83ILTK
WDCNYf21KaSxnWF2vWqcg11wHyrLvbyV5k4nFaRG+rUukAPTjqolT+IyjrfRA5pY
+boX6cergmOnA+ZFIsYU7Km+c1JE0syOdmsmtMeH2EfmRS27DqrhQy8PsPPzY/wQ
Wyk6Z8vQfkuAU6qWoD7QfanfQA21bhzmyXSB4+tbBLpuUyG1iLcFWj77FZYdptI1
7Iutbzve8/WulwBbfSCWtWVs0pk/PU0D9bVSSoa5mwtuXUuB/2MNn/nH32Trr1h4
JgDHUl8OoK1XzRBxRuK7
=NlPr
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability

Advisory ID:  cisco-sa-20160928-dns

Revision: 1.0

For Public Release: 2016 September 28 16:00  GMT

+------------------------------------------------------------------------------

Summary
=======

A vulnerability in the DNS forwarder functionality of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, corrupt the information present in the device's local DNS cache, or read part of the process memory.

The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by intercepting and crafting a DNS response message to a client DNS query that was forwarded from the affected device to a DNS server. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJX6vssAAoJEK89gD3EAJB5XWkP/itLASjeD40VVxzeX2jqUoV2
mk3NvhsP17XepKKjtLcITjTxLfVl7Dfwj3sThdqZ8AcE0bNnP01Wu611pc/+LoE9
Glp82vHWQML/0SrcD2dLzr5k9VamHzah9cb/ueF1Dh7FhS8geQp5/AqlpHwEgoS2
7HDjr5n7Sxy4+aJpt+hYkl+2A3WN8FhvEnZmRPfajOowTX7d/M5ywada+Pi/A4D2
xuV5DTRxO+ujzcCEF4mKE0X6wI5LsC51F4p8fxSgsOEugxmYAhAcw2yCTei6OmGx
Nagx4xSjlgGV39cJTxRF9Xpgeyw/fbsFPJrcsDXUzByRTHuRvlj7Z7haazn9VtRV
kx82+ajlhPW3b63PEvoZ6NyiiEkqxaEtIDANq8MHHCptfx7W3VIP9qfx8bUF2cQb
341IhmWkHBhtQHbl8h7IABrjhNSti87njPG/hopkOfqmBr9nEHPLlaPUcKpNd9AJ
7OaRh+yPiHMMGitUokwHTFS5QrmBdTUsEGqqUEZvpz6hY3I8mNTndcXJKiNZUT2n
9Jj+5hOfLej4yJo4F8z/iIo2qI55KMRMAiqsJMVnfj9xilyczkOW6IeXdvRVUXx5
S+94kX0CRhAjpY5OZPHDz+V1JCPIuOhhhWlRcw8khpBeojKhtSW7hzPsv+Pr5tvp
UlQQldBmKnA3nehuvIEF
=4+3s
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability

Advisory ID:  cisco-sa-20160928-h323

Revison: 1.0

For Public Release: 2016 September 28 16:00  GMT

+------------------------------------------------------------------------------

Summary
=======

A vulnerability in the H.323 subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition on an affected device.

The vulnerability is due to a failure to properly validate certain fields in an H.323 protocol suite message. When processing the malicious message, the affected device may attempt to access an invalid memory region, resulting in a crash. An attacker who can submit an H.323 packet designed to trigger the vulnerability could cause the affected device to crash and restart.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIbBAEBCAAGBQJX6vstAAoJEK89gD3EAJB5IScP91+OWtoWaofXBhyamAupeKvx
AFBO7CWNyj9HR+6mJbEBrPHoYuWgTpFIG/DKLRSG0Pc82hBV5+XcRZhFhehbI+FK
qSvKkqpw2tjvnYQqT073UsZkfKXzkQrBYObwXjrSHWauonQFBZmZQTl05L9fxLtZ
VkeFgrcMRSTWdVFs3NRvSdivZbCe0j4iYkWOW5pdgI6xTWoItgKxBOG/yVB6MNDN
5rwYlbCand/k8zQde58Jyuy+7RXH8p/w5xOxv0g7wjJJw5I/nKTiOdPgSr+5iBmT
J10+jw0JuE0jQW58XeaTDYBAUIF/YXLY+1mB+0i2CTGgZ/ZRKOutd1a7yCRT7gx9
LMQgkKXVZq4DiGx4Xo2BgblyWDluRW4yniEMGe/GyMlkYGVtlTpAavVcp91X+b9+
VolKqUuSCq6Dee5zIT6rF+K8YOK2p5b6s+gfybpkx372UKM6kJYFtlvHR6YKVl/x
TS/iGcc+2+qx4GcwUkRAsJCdUyOliKndwUQkDA6qlRLrCyK1ExlN66NJ3G/ZqBlJ
ynacQ1H1HWp0EFZSUOd51RqDNOWzYYo3GORC77x1sP0gbCYQZ9uXY1orR7v+F+Mi
mv7Z1NGbG64z7X2UuKvHxIQXwB/dM3im2s5bHDIIriyvJQVis1ghCcLC82urT0f+
TZL11sZmIHAQ4VpFXuQ=
=5oY6
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE Software IP Detail Record Denial of Service Vulnerability

Advisory ID:  cisco-sa-20160928-ipdr

Revision: 1.0

For Public Release: 2016 September 28 16:00  GMT

+------------------------------------------------------------------------------

Summary
=======

A vulnerability in the IP Detail Record (IPDR) code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload.

The vulnerability is due to improper handling of IPDR packets. An attacker could exploit this vulnerability by sending crafted IPDR packets to an affected system. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ipdr

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication

- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJX6vstAAoJEK89gD3EAJB5cTAQANacywd8Tm+umYNn6ThhV79U
zon3EGAw0Ip0P7yivkLEbcreVBnzKYNPfI4MFcx8LoPjRIrdQ9zz5BaaMHQ0iuwE
48INPpKt770/Ch09xeJ3VFoMYis4KuTt1LxxFF0GmotIMb2j0tWptgTaKgzRbZkS
ucskkvlzpzCGXULeYM5WbumoLG8r/shZq9YqhvTHeiunf346t76ouAxoJhM81EdA
yyT8PDDrU7fpJt5yOUkQ/fqWW9jERoQMHOjSs2rtdQKNhERsm4jR0IWgkAz8GVAq
eOAusgNBGrghvGpKDyskuBHewxwRO6VxY9YOnZIr8z3cimsuzd94qQ1iRxNpHXPP
t5kWlj3Rf2zz0ygTV7Ed7mTRBgzBdVA9gtvbDLGAg4d9MCU/axSeS95iHRRzxOeQ
Q3gjb1+uGW1yiNaf9QQ0X3OzPiqF3VLBeuhXXFAXRpMuPMRwCP14ZeIr6QtbvPj2
aiJUKDpRU9qewl4e508a2YR4Z5MWQERqpa4uFDHkgmT0QSYQVZjeFWI0AlBDFGkd
VmNpqZsleXkrJQIGCo6On+Y5f7XAHPiii6LtWIFD46mMLtqGfkxnFduIR+b149e1
+ZxjmBRtLnyd1azIy6NRAwn+5pACLI4Zc4HsNmxuDZVxjEiH+TzR8IZ7xkfu8d1f
MRHUGwKUgzfjgDJhIh8B
=Ajyx
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability

Advisory ID:  cisco-sa-20160928-ios-ikev1

Revision: 1.0

For Public Release: 2016 September 28 16:00  GMT

+------------------------------------------------------------------------------

Summary
=======
A vulnerability in the Internet Key Exchange version 1 (IKEv1) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an exhaustion of available memory or a reload of the affected system. 

The vulnerability is due to the improper handling of crafted, fragmented IKEv1 packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to cause a reload of the affected system.

Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ios-ikev1

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJX6vstAAoJEK89gD3EAJB56nIP/3nkibZCUPqC2Aki8HhkABUi
CsKrKk/a/eG1Y+4yGM2pFIfUwVXUX8cjIus14c418CxuePCNZf/u8WcNcKnd+QNa
WahXGn2krIlas7g8kJP8Pvk8nVyxYF10nR8MPQDjCyGXmuAbRdkuPUjEopDkMr4R
xabgu/jL7M+ZEfnwbGZRhq3jMBiHxKhOSZO3qDZYKOMB3KALQBPL4GiRGO1eHrzs
F6ZE6/l4d5GvtiSeD8WJ1A8oY3gSo6qD7VZcnDq3ZvHN2Elnc9WRs28CN70eh+xz
VQDN7+Vm2GqvRgRSGtypk7vLmaeUnZEXQ5jpJHQFgTnp7n4elVH4dC2DmF1bYd/m
M220xbScBKvVjjUihQechgTsINwkBbARAnuTlN+IL/2FQqF+XEmSMLzEgvTMD/gn
aNk48i8Vx2nAPd8lzi5Ab2mvX14ss/tonnz6behCd5uqKU0UZ18bUEqc2haYAAM4
iWiE4K4SqorOHZwcpWSsJ7Vs72wmXRYnxzD2A2meTskyLQo5cJP6eqkK7Tadqf18
ao3Ao4hdVbkRVEMnhG9N1oVB5X9GAIsUMfeWEA/nKuomLLO37NgDEc8Rg278W6og
SH75yARDeViyDQg7+AlZnlJlB82+ORgMlsJFBUD3hKhCQYX4Ou3GU5BccPxY4KAQ
oWNuau9ap2FXdMVrW4gl
=Ku7Q
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities

Advisory ID:  cisco-sa-20160928-msdp

Revision: 1.0

For Public Release: 2016 September 28 16:00  GMT

+------------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM).

The first vulnerability (Cisco bug ID CSCud36767) is due to insufficient checking of MSDP Source-Active (SA) messages received from a configured MSDP peer. An attacker who can send traffic to the IPv4 address of a device could exploit this vulnerability by sending a packet designed to trigger the issue to the affected device. A successful exploit could cause the affected device to restart.

The second vulnerability (Cisco bug ID CSCuy16399) is due to insufficient checking of packets encapsulated in a PIM register message. An attacker who can send a malformed IPv6 PIM register packet to a PIM rendezvous point (RP) could exploit the vulnerability. A successful exploit could cause the affected device to restart.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJX6vstAAoJEK89gD3EAJB561YQAJOjzfSJejNp1gjlewhIWplx
q16B1gGQVWYLquXpaVrvVvelMZ7pk3JD0zrH2MVh1s/TUNEqtm7oJutt+KWAqoNU
Z7m0+uo/wE8S8AOmZXR1tu9KY+z8sFQp7Te1UetXA+S1F6pz0vy9OhkuwTcZNj/M
SEr30EodtSLpQMC/MktE5gnTB8Bw6hSNYdDg9Q9gLpL9tc8466rSCJ0iM0L+wEYD
7eno/yufeV6KpuabR1tCSVgvEdU/Z5SSWspbaRQbFdgnQyN+Kux7sZ5b4rkhGd0G
SW0GjTkD03ITVlwoiVhIdI0VwA6A8MVgfKRTEqWeNGvwQOOrPUsI5t1u/OW2quqe
oCihEzcVIthTpz1GiKoetpC3mtzxvn3kPRrCNZ4ah4AygUSMGvq4hmwxFvX81i9s
iFecwbSszNLHeEFhyOt8yaPiYpB5w4wmSYGztr4KVWs4pPWKVgrMhpqwqDd4nzmI
5g4sh/AJdQysHznUe5DAFCfPDulJkylZN4MgVQ+pd1RYWvrjTrg5EeRfVhAryiWh
F5mTAGLuESO8QIsk/Vyk2bDcw/sfBcwcbGY6yb+7a7E7KMCllqLzJhI+XncbEyxk
xaJYIbWbofJ46hWqGTz6RHDMjeWUdojruymZmvR+a20cHHT+qCAA5Air7JTlatr9
Oj07cuVQbR2OI4RUrH+p
=fO6P
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability

Advisory ID:  cisco-sa-20160928-smi

Revision: 1.0

For Public Release: 2016 September 28 16:00  GMT

+------------------------------------------------------------------------------

Summary
=======

The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device.

The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to leak memory and eventually reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the affected device.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJX6vstAAoJEK89gD3EAJB5z5cP/jN0FAtH3nzkV5QMMWX42dEB
2kA0Bb2OkL6FUW6zp2mRsGKM8UwpKAOgctHYp0SLpIxQC3SJWCaavIqlYQ3noket
4NEaB+P5wAABkq4m0pxa+NorF6x5VbA2yU4LB7kgofg6Izxso7QtjogPUy5r44Cp
oDV1CGC+oTjfizg2pF0Bj3vxfwv5hz2ZCUWq01fs8OF6N4lVs18deskLtLvEOPo7
1IwyIwJEUuxvR2XjRWbTgTt2HKmdgGSpbw9TVaYcBoMCFr/k1uhvgA3b8KyH2az/
y4Ao6EmgvI2SalJlTpmTPAeNDjSmSbnatq2nA8IOFjSn70OBtMcSPUfbzSZ5wLlw
HnFAkYuBNkzkMsj4+gu5jayQcUVvcxdL5Zco0hGaAYgjUihh0PHfYGBsEkInvdE/
5X4axai/MH/zLDrO7YHwvIPVXjmDra+evSxhl7FTxhIFR22GdJ9VsZE2JdvNuXU/
ddiqF7htiTMzT2GF+zLAL8aQdjnw3Ft/F65U1VR8/Rdxsc5kn8fyKLxmjPiPuyYK
VcoGq2sC5foOBdKXi6k7oaOoYTgiSyTxah5s70GZwirLGfL+6vDVMdaSqljX4ot4
IuhX9fAi0gaMXpGEFEf7SAF4y91Skr2DQWxMWhNkdJ6WFPVXU2aE+G3Y3urjPR/O
cqKVSps53RqSlRhixPBF
=DfQ0
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBV+yTpYx+lLeg9Ub1AQgC+g//cEzeCdrOO1vJr/cQbF4h9tCghq99BPOH
9Jct4Bw6gJfYNQ1hhdBvdwXCyYDno07I/D0ODp+uqc7ifnUctxtqf0PMZfBD50AZ
x8/d/r6qEJzFCvzRRS7uS7bYUdCoq2kqK9dpZBPfFQYrHQhHbbmK4FOHiKyTZLy3
w2vZkNvIiUAXJDSzeXfj8nefTdab3n2fsNgi3FDgrveb8bFQqgSpmfKkVqVmUNzH
hS98cklh6Scx4ZeMV2LBzbqwENzIvduSTW3LnUzRUBSy/spbwbqfuf4U6QWefwff
WLbpjPCA7U3qJDcJeZ/cfpRPRzKnGjvzelutVBdaW48iAtEZOuGGt4US5IvmpQz5
o1RqR0NbWTowS2jh4xduBT8LZh7/dKKlFCgj+512uhsDFHZsXmRvfN3dskr9PBEW
71XFa/SrNQn8vM34RnXcaq5E+HccwAs3CtorGpM4VX2NbOcxemv8o6e7JeDrTDuZ
CqMsiDcoyqYmUqkA3gGm2Z4XGniV3rU5cJgCQbWc3twBVPpE0l/1n/YplDo9UfAT
Wd5NtHK2c+UDwMvFNzI4q7Kipx4q0VH9xb9n/uZDxDjoeSKViP0vuEIf1KlKghgD
Qv3ciC7t3p+NTE/Refif1PmfKVjwZ+RehIAk/ucdgylVHfEFlMDUBQ7OLAAf0pDW
LFZP2h8opx8=
=f+EF
-----END PGP SIGNATURE-----