Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.2283 Cisco IOS and IOS XE Vulnerabilities 29 September 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Cisco IOS and IOS XE Publisher: Cisco Systems Operating System: Cisco Impact/Access: Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2016-6393 CVE-2016-6392 CVE-2016-6391 CVE-2016-6386 CVE-2016-6385 CVE-2016-6384 CVE-2016-6382 CVE-2016-6381 CVE-2016-6380 CVE-2016-6379 CVE-2016-6378 Original Bulletin: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-frag http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-esp-nat http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aaados http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ipdr http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ios-ikev1 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi Comment: This bulletin contains ten (10) Cisco Systems security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability Advisory ID: cisco-sa-20160928-cip Revison: 1.0 For Public Release: 2016 September 28 16:00 GMT +------------------------------------------------------------------------------ Summary ======= A vulnerability in the Common Industrial Protocol (CIP) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly process an unusual, but valid, set of requests to an affected device. An attacker could exploit this vulnerability by submitting a CIP message request designed to trigger the vulnerability to an affected device. An exploit could cause the switch to stop processing traffic, requiring a restart of the device to regain functionality. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. - -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJX6vssAAoJEK89gD3EAJB55BcP/3jsgDFYqZpxEZUO2ZJaXn/I cgITUamc+GyA2e7GSr6PEFqH8IY2GjIqw9+yeJY3GLbI5yD7tr7W0ssZHR/8zKlA Vd2Cii5IPb0MScMMD9pr4jVzEDH8t3HbBIltM3/3v9Xhrf6u+NgxHXb1V9sJpXOQ Q+2FUNsnPHq0xP1/ukdL+NkO/Znil5HasxNlCDSQHzCEg3+Gv6lUIXsCd3fdYeS9 UfWwXTEM3/2cPMC2sNst4k59T6p9t5wC010OqmWkkyqy0+poyWGmqv8upX7iwq+C Z+RprABHZh5lJIrk31bAJRTdRpe1iAwRQw/FBU3AkxTMZpE1JiDOPqEKXpvIm4MF UKCBXKibP1TAZnpa/Od59xpeOZ7lm7Iyr5J394s+ke1J3g8avbU7t9tglIYuBkCx rRbcik5osYpRq0Fy7YzAFNb7SG4RlrLjunU/A/ieDMVTyQ+areRl0vdd5F7Z0bDF +fowEopXbgFTWl1FdKFXa0wtwnY+YDYKYzqUfLYeeyLjxNWrj52HVNA+L5ICd/N3 gyBgbDHnLvBn7WlTJdlW4DATG/hUyme0vZRWnIH8QDR5T+U6gWWCTme9ljnsL+qO DFZrDRpgCbC3qbAD8mDHjvDStoq2gMlx4vdfkdeOC3l2dGtfRt30XdKXQ1mYumH6 6ajuf0yVKs/g0HJJ97Rd =Jpzz - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS XE Software IP Fragment Reassembly Denial of Service Vulnerability Advisory ID: cisco-sa-20160928-frag Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +------------------------------------------------------------------------------ Summary ======= A vulnerability in the IPv4 fragment reassembly function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to the corruption of an internal data structure that occurs when the affected software reassembles an IPv4 packet. An attacker could exploit this vulnerability by sending crafted IPv4 fragments to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-frag This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. - -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJX6vssAAoJEK89gD3EAJB5sbMQALq6iWNFj/itLZc129dgqq/x zNdAxTVmQIurF1ak4RpTLzNPJM0KY19ymXVOe7+K5vEz3mkP59J5T7vzNhR+sDUa DMV0ytPhXSmVQXxDBYE3ChiVCcSoDcStK8pE50aHY5Fh31pUsFZQSsE44mTOA9f+ IW8DRJEwZghifgefBFbv5EncepVof7GoZAaeYaefhGevkIBLIjf8YOZWiDbB3taH UW0+Y7mdKxTYFP/z80kin/xrVYbSYfcrjlKs7OFPUeKXx1Mlq+HeNRYE06H5mm5B 9uKJ2+AdnJ4CTZORiQ+/1DeDp1SL5PWpQpGH511kJvDNTEE94qO4uoRU38fsS8V8 dyA0A+vHszWr2Pm6pYXoaY7UjO+0TpAeTQF6jnCjpQkSNMNevBanG/z9OGir6P9T DVhWajmXwL9AI02yy8irulpfgCpnN6i2HiTLRPb/UPuELh5rlkv6B9N7qvirWiUY L+8Wel3dXa7tWIBcKC60bciaxeiYkn3ztyE9OixS9xkdZIzV3r15/I4+LXZbSq3z TzVU1eg1qRQsY4EauIMpBeMEfU14dgpnqAE6zbi3GsZy1GEL27VoDEVYF7qX6zPe Eodo2gPk9HgVbRiaK5gj4rREVmEkeXJCK7mJG82asiCByvaJ1wDBMPUtwtKsm+nE YWqDvhZqr1gIfWoEwAD9 =/dTu - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS XE Software NAT Denial of Service Vulnerability Advisory ID: cisco-sa-20160928-esp-nat Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +------------------------------------------------------------------------------ Summary ======= A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of malformed ICMP packets by the affected software. An attacker could exploit this vulnerability by sending crafted ICMP packets that require NAT processing by an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-esp-nat This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. - -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJX6vssAAoJEK89gD3EAJB55ZkQAK3+Rm0PWnY7f1hzQe/svkhg lh6oi0Kg7UfdHcBpqMd3N/zYTePjD/DTwbGAV0vtgMhPGAEg0Q0L90GE4H5zudgU FktSxr15lKSXpZFooUjQFUSKjqTgDoxV/l0LGy/QqLx4kILHucQly6L34n5O4v1q OdrGjMKzGlG2AIxZOK9VL1Cbvh/XdXInmiOTfjcJrxJ+MMGtK2owJVo6n5jmiaIK 7gIfFdZmI6ODKX47SmRQRe5QWj0pB37zN+RO6N2tN2FHXu/3Wyt4O0SAvbCHhcWu dxRZRhcGUb97xHAJnY5hGRNP25hecl6blq5LLE8vt8G1IIMZGaDFVk+fu96IZ8EC sNgcX9McYdlKTfGfTcgVJwzBp+sFHgrLZngY4xOMKOCKssKT44kO7/WnKVu4jyeQ 2jtaWm9s46dbXWm7poqy4aHlP7tSC9miZXyR25yOUSJqWSyhFRBNsiixuw3ocJtT oBm75amZwqNbxZAM4MdA4h4KCfzM/w6WtBGNr1sGzoP0E5oKrSgKLIpYV6QE4916 lq4GPn7v3wXKIoHNskuNivnAEKspn5qy3RkJ6cdb9HfFrjyq4ylXDBiwsG2gzCoA 7sJRBxRTe97iDwI/33BtFtYBtpwbHlnD5+ldZb4mRjfKUHPJ2jzgRo4WEvRoOW9C 0dgRoK3Me1LL/+ULExyS =OKzi - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability Advisory ID: cisco-sa-20160928-aaados Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +------------------------------------------------------------------------------ Summary ======= A vulnerability in the Authentication, Authorization, and Accounting (AAA) service for remote Secure Shell Host (SSH) connections to the device for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the vulnerable device to reload. The vulnerability is due to an error log message when a remote SSH connection to the device fails AAA authentication. An attacker could exploit this vulnerability by attempting to authenticate to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aaados This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. - -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJX6vssAAoJEK89gD3EAJB5QhAQAK1qcs2Tofs/jtgm6V8kf6/T KF1o/mYTtsWhv+ktaYNGRWQAwRmeBksGPfkeDuYmj4uhtRiPAUwDknbBVnXd24Yv RYeyS8tULGH/PYUZnWOcxc3dee/+OMBnJjkbY3MMtb2dfwXOOKqIShrKoBvp8ZFc GBbD2vqh86qxPTS9OUgPrR2RcmeqC7GwAV/iCIYJs/lX1E/BjgCbW2YHNBFUwOk4 f7v/fB5eeFjTT/PTgVZXkJJXMgG1P3z8qDZLkwUtvMrdOixz/3d4T3Cfro90mrBV l6TXdTQ+r/rHGRLhqE/m3eTKGK5471WoeiPbS40WBuDQN2h/Li52s9B7oIpTX7eL UeZ7BpjxhRzJqB48mWRnmRh8kiXykgcnCiE5PTEKtuo5HMRmj84Q8vxqNy83ILTK WDCNYf21KaSxnWF2vWqcg11wHyrLvbyV5k4nFaRG+rUukAPTjqolT+IyjrfRA5pY +boX6cergmOnA+ZFIsYU7Km+c1JE0syOdmsmtMeH2EfmRS27DqrhQy8PsPPzY/wQ Wyk6Z8vQfkuAU6qWoD7QfanfQA21bhzmyXSB4+tbBLpuUyG1iLcFWj77FZYdptI1 7Iutbzve8/WulwBbfSCWtWVs0pk/PU0D9bVSSoa5mwtuXUuB/2MNn/nH32Trr1h4 JgDHUl8OoK1XzRBxRuK7 =NlPr - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability Advisory ID: cisco-sa-20160928-dns Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +------------------------------------------------------------------------------ Summary ======= A vulnerability in the DNS forwarder functionality of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, corrupt the information present in the device's local DNS cache, or read part of the process memory. The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by intercepting and crafting a DNS response message to a client DNS query that was forwarded from the affected device to a DNS server. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. - -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJX6vssAAoJEK89gD3EAJB5XWkP/itLASjeD40VVxzeX2jqUoV2 mk3NvhsP17XepKKjtLcITjTxLfVl7Dfwj3sThdqZ8AcE0bNnP01Wu611pc/+LoE9 Glp82vHWQML/0SrcD2dLzr5k9VamHzah9cb/ueF1Dh7FhS8geQp5/AqlpHwEgoS2 7HDjr5n7Sxy4+aJpt+hYkl+2A3WN8FhvEnZmRPfajOowTX7d/M5ywada+Pi/A4D2 xuV5DTRxO+ujzcCEF4mKE0X6wI5LsC51F4p8fxSgsOEugxmYAhAcw2yCTei6OmGx Nagx4xSjlgGV39cJTxRF9Xpgeyw/fbsFPJrcsDXUzByRTHuRvlj7Z7haazn9VtRV kx82+ajlhPW3b63PEvoZ6NyiiEkqxaEtIDANq8MHHCptfx7W3VIP9qfx8bUF2cQb 341IhmWkHBhtQHbl8h7IABrjhNSti87njPG/hopkOfqmBr9nEHPLlaPUcKpNd9AJ 7OaRh+yPiHMMGitUokwHTFS5QrmBdTUsEGqqUEZvpz6hY3I8mNTndcXJKiNZUT2n 9Jj+5hOfLej4yJo4F8z/iIo2qI55KMRMAiqsJMVnfj9xilyczkOW6IeXdvRVUXx5 S+94kX0CRhAjpY5OZPHDz+V1JCPIuOhhhWlRcw8khpBeojKhtSW7hzPsv+Pr5tvp UlQQldBmKnA3nehuvIEF =4+3s - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability Advisory ID: cisco-sa-20160928-h323 Revison: 1.0 For Public Release: 2016 September 28 16:00 GMT +------------------------------------------------------------------------------ Summary ======= A vulnerability in the H.323 subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to properly validate certain fields in an H.323 protocol suite message. When processing the malicious message, the affected device may attempt to access an invalid memory region, resulting in a crash. An attacker who can submit an H.323 packet designed to trigger the vulnerability could cause the affected device to crash and restart. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323 This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. - -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIbBAEBCAAGBQJX6vstAAoJEK89gD3EAJB5IScP91+OWtoWaofXBhyamAupeKvx AFBO7CWNyj9HR+6mJbEBrPHoYuWgTpFIG/DKLRSG0Pc82hBV5+XcRZhFhehbI+FK qSvKkqpw2tjvnYQqT073UsZkfKXzkQrBYObwXjrSHWauonQFBZmZQTl05L9fxLtZ VkeFgrcMRSTWdVFs3NRvSdivZbCe0j4iYkWOW5pdgI6xTWoItgKxBOG/yVB6MNDN 5rwYlbCand/k8zQde58Jyuy+7RXH8p/w5xOxv0g7wjJJw5I/nKTiOdPgSr+5iBmT J10+jw0JuE0jQW58XeaTDYBAUIF/YXLY+1mB+0i2CTGgZ/ZRKOutd1a7yCRT7gx9 LMQgkKXVZq4DiGx4Xo2BgblyWDluRW4yniEMGe/GyMlkYGVtlTpAavVcp91X+b9+ VolKqUuSCq6Dee5zIT6rF+K8YOK2p5b6s+gfybpkx372UKM6kJYFtlvHR6YKVl/x TS/iGcc+2+qx4GcwUkRAsJCdUyOliKndwUQkDA6qlRLrCyK1ExlN66NJ3G/ZqBlJ ynacQ1H1HWp0EFZSUOd51RqDNOWzYYo3GORC77x1sP0gbCYQZ9uXY1orR7v+F+Mi mv7Z1NGbG64z7X2UuKvHxIQXwB/dM3im2s5bHDIIriyvJQVis1ghCcLC82urT0f+ TZL11sZmIHAQ4VpFXuQ= =5oY6 - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS and IOS XE Software IP Detail Record Denial of Service Vulnerability Advisory ID: cisco-sa-20160928-ipdr Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +------------------------------------------------------------------------------ Summary ======= A vulnerability in the IP Detail Record (IPDR) code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload. The vulnerability is due to improper handling of IPDR packets. An attacker could exploit this vulnerability by sending crafted IPDR packets to an affected system. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ipdr This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication - -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJX6vstAAoJEK89gD3EAJB5cTAQANacywd8Tm+umYNn6ThhV79U zon3EGAw0Ip0P7yivkLEbcreVBnzKYNPfI4MFcx8LoPjRIrdQ9zz5BaaMHQ0iuwE 48INPpKt770/Ch09xeJ3VFoMYis4KuTt1LxxFF0GmotIMb2j0tWptgTaKgzRbZkS ucskkvlzpzCGXULeYM5WbumoLG8r/shZq9YqhvTHeiunf346t76ouAxoJhM81EdA yyT8PDDrU7fpJt5yOUkQ/fqWW9jERoQMHOjSs2rtdQKNhERsm4jR0IWgkAz8GVAq eOAusgNBGrghvGpKDyskuBHewxwRO6VxY9YOnZIr8z3cimsuzd94qQ1iRxNpHXPP t5kWlj3Rf2zz0ygTV7Ed7mTRBgzBdVA9gtvbDLGAg4d9MCU/axSeS95iHRRzxOeQ Q3gjb1+uGW1yiNaf9QQ0X3OzPiqF3VLBeuhXXFAXRpMuPMRwCP14ZeIr6QtbvPj2 aiJUKDpRU9qewl4e508a2YR4Z5MWQERqpa4uFDHkgmT0QSYQVZjeFWI0AlBDFGkd VmNpqZsleXkrJQIGCo6On+Y5f7XAHPiii6LtWIFD46mMLtqGfkxnFduIR+b149e1 +ZxjmBRtLnyd1azIy6NRAwn+5pACLI4Zc4HsNmxuDZVxjEiH+TzR8IZ7xkfu8d1f MRHUGwKUgzfjgDJhIh8B =Ajyx - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability Advisory ID: cisco-sa-20160928-ios-ikev1 Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +------------------------------------------------------------------------------ Summary ======= A vulnerability in the Internet Key Exchange version 1 (IKEv1) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an exhaustion of available memory or a reload of the affected system. The vulnerability is due to the improper handling of crafted, fragmented IKEv1 packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ios-ikev1 This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. - -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJX6vstAAoJEK89gD3EAJB56nIP/3nkibZCUPqC2Aki8HhkABUi CsKrKk/a/eG1Y+4yGM2pFIfUwVXUX8cjIus14c418CxuePCNZf/u8WcNcKnd+QNa WahXGn2krIlas7g8kJP8Pvk8nVyxYF10nR8MPQDjCyGXmuAbRdkuPUjEopDkMr4R xabgu/jL7M+ZEfnwbGZRhq3jMBiHxKhOSZO3qDZYKOMB3KALQBPL4GiRGO1eHrzs F6ZE6/l4d5GvtiSeD8WJ1A8oY3gSo6qD7VZcnDq3ZvHN2Elnc9WRs28CN70eh+xz VQDN7+Vm2GqvRgRSGtypk7vLmaeUnZEXQ5jpJHQFgTnp7n4elVH4dC2DmF1bYd/m M220xbScBKvVjjUihQechgTsINwkBbARAnuTlN+IL/2FQqF+XEmSMLzEgvTMD/gn aNk48i8Vx2nAPd8lzi5Ab2mvX14ss/tonnz6behCd5uqKU0UZ18bUEqc2haYAAM4 iWiE4K4SqorOHZwcpWSsJ7Vs72wmXRYnxzD2A2meTskyLQo5cJP6eqkK7Tadqf18 ao3Ao4hdVbkRVEMnhG9N1oVB5X9GAIsUMfeWEA/nKuomLLO37NgDEc8Rg278W6og SH75yARDeViyDQg7+AlZnlJlB82+ORgMlsJFBUD3hKhCQYX4Ou3GU5BccPxY4KAQ oWNuau9ap2FXdMVrW4gl =Ku7Q - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities Advisory ID: cisco-sa-20160928-msdp Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +------------------------------------------------------------------------------ Summary ======= Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM). The first vulnerability (Cisco bug ID CSCud36767) is due to insufficient checking of MSDP Source-Active (SA) messages received from a configured MSDP peer. An attacker who can send traffic to the IPv4 address of a device could exploit this vulnerability by sending a packet designed to trigger the issue to the affected device. A successful exploit could cause the affected device to restart. The second vulnerability (Cisco bug ID CSCuy16399) is due to insufficient checking of packets encapsulated in a PIM register message. An attacker who can send a malformed IPv6 PIM register packet to a PIM rendezvous point (RP) could exploit the vulnerability. A successful exploit could cause the affected device to restart. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. - -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJX6vstAAoJEK89gD3EAJB561YQAJOjzfSJejNp1gjlewhIWplx q16B1gGQVWYLquXpaVrvVvelMZ7pk3JD0zrH2MVh1s/TUNEqtm7oJutt+KWAqoNU Z7m0+uo/wE8S8AOmZXR1tu9KY+z8sFQp7Te1UetXA+S1F6pz0vy9OhkuwTcZNj/M SEr30EodtSLpQMC/MktE5gnTB8Bw6hSNYdDg9Q9gLpL9tc8466rSCJ0iM0L+wEYD 7eno/yufeV6KpuabR1tCSVgvEdU/Z5SSWspbaRQbFdgnQyN+Kux7sZ5b4rkhGd0G SW0GjTkD03ITVlwoiVhIdI0VwA6A8MVgfKRTEqWeNGvwQOOrPUsI5t1u/OW2quqe oCihEzcVIthTpz1GiKoetpC3mtzxvn3kPRrCNZ4ah4AygUSMGvq4hmwxFvX81i9s iFecwbSszNLHeEFhyOt8yaPiYpB5w4wmSYGztr4KVWs4pPWKVgrMhpqwqDd4nzmI 5g4sh/AJdQysHznUe5DAFCfPDulJkylZN4MgVQ+pd1RYWvrjTrg5EeRfVhAryiWh F5mTAGLuESO8QIsk/Vyk2bDcw/sfBcwcbGY6yb+7a7E7KMCllqLzJhI+XncbEyxk xaJYIbWbofJ46hWqGTz6RHDMjeWUdojruymZmvR+a20cHHT+qCAA5Air7JTlatr9 Oj07cuVQbR2OI4RUrH+p =fO6P - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability Advisory ID: cisco-sa-20160928-smi Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +------------------------------------------------------------------------------ Summary ======= The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to leak memory and eventually reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the affected device. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. - -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJX6vstAAoJEK89gD3EAJB5z5cP/jN0FAtH3nzkV5QMMWX42dEB 2kA0Bb2OkL6FUW6zp2mRsGKM8UwpKAOgctHYp0SLpIxQC3SJWCaavIqlYQ3noket 4NEaB+P5wAABkq4m0pxa+NorF6x5VbA2yU4LB7kgofg6Izxso7QtjogPUy5r44Cp oDV1CGC+oTjfizg2pF0Bj3vxfwv5hz2ZCUWq01fs8OF6N4lVs18deskLtLvEOPo7 1IwyIwJEUuxvR2XjRWbTgTt2HKmdgGSpbw9TVaYcBoMCFr/k1uhvgA3b8KyH2az/ y4Ao6EmgvI2SalJlTpmTPAeNDjSmSbnatq2nA8IOFjSn70OBtMcSPUfbzSZ5wLlw HnFAkYuBNkzkMsj4+gu5jayQcUVvcxdL5Zco0hGaAYgjUihh0PHfYGBsEkInvdE/ 5X4axai/MH/zLDrO7YHwvIPVXjmDra+evSxhl7FTxhIFR22GdJ9VsZE2JdvNuXU/ ddiqF7htiTMzT2GF+zLAL8aQdjnw3Ft/F65U1VR8/Rdxsc5kn8fyKLxmjPiPuyYK VcoGq2sC5foOBdKXi6k7oaOoYTgiSyTxah5s70GZwirLGfL+6vDVMdaSqljX4ot4 IuhX9fAi0gaMXpGEFEf7SAF4y91Skr2DQWxMWhNkdJ6WFPVXU2aE+G3Y3urjPR/O cqKVSps53RqSlRhixPBF =DfQ0 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBV+yTpYx+lLeg9Ub1AQgC+g//cEzeCdrOO1vJr/cQbF4h9tCghq99BPOH 9Jct4Bw6gJfYNQ1hhdBvdwXCyYDno07I/D0ODp+uqc7ifnUctxtqf0PMZfBD50AZ x8/d/r6qEJzFCvzRRS7uS7bYUdCoq2kqK9dpZBPfFQYrHQhHbbmK4FOHiKyTZLy3 w2vZkNvIiUAXJDSzeXfj8nefTdab3n2fsNgi3FDgrveb8bFQqgSpmfKkVqVmUNzH hS98cklh6Scx4ZeMV2LBzbqwENzIvduSTW3LnUzRUBSy/spbwbqfuf4U6QWefwff WLbpjPCA7U3qJDcJeZ/cfpRPRzKnGjvzelutVBdaW48iAtEZOuGGt4US5IvmpQz5 o1RqR0NbWTowS2jh4xduBT8LZh7/dKKlFCgj+512uhsDFHZsXmRvfN3dskr9PBEW 71XFa/SrNQn8vM34RnXcaq5E+HccwAs3CtorGpM4VX2NbOcxemv8o6e7JeDrTDuZ CqMsiDcoyqYmUqkA3gGm2Z4XGniV3rU5cJgCQbWc3twBVPpE0l/1n/YplDo9UfAT Wd5NtHK2c+UDwMvFNzI4q7Kipx4q0VH9xb9n/uZDxDjoeSKViP0vuEIf1KlKghgD Qv3ciC7t3p+NTE/Refif1PmfKVjwZ+RehIAk/ucdgylVHfEFlMDUBQ7OLAAf0pDW LFZP2h8opx8= =f+EF -----END PGP SIGNATURE-----