copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login





 

ESB-2016.0559 - [Cisco] Cisco NX-OS Software: Denial of service - Remote/unauthenticated

Date: 03 March 2016

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.0559
Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability and SNMP
                  Packet Denial of Service Vulnerability
                               3 March 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco NX-OS Software
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-6260 CVE-2015-0718 

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp

Comment: This bulletin contains two (2) Cisco Systems security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability

Advisory ID: cisco-sa-20160302-netstack

Revision 1.0

For Public Release 2016 March 02 16:00  UTC (GMT) 

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the TCP stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to improper processing of certain TCP packets in the closing sequence of a TCP session while the affected device is in a TIME_WAIT state. An attacker could exploit this vulnerability by sending a specific TCP packet to an affected device on a TCP session that is already in a TIME_WAIT state. An exploit could allow the attacker to cause a reload of the TCP stack on the affected device, resulting in a DoS condition.

This vulnerability can be exploited using either IPv4 or IPv6 packets. The vulnerability can be triggered by a crafted sequence of TCP packets destined for TCP ports listening on the device. The packets may use the IPv4 or IPv6 unicast address of any interface configured on the device.

This vulnerability can be triggered only by traffic destined to an affected device and cannot be exploited using traffic that transits an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack

- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJW1u/uAAoJEK89gD3EAJB5UpMP/imOJREHxMUeWLAzLmILxX6J
F/zHXfq6I86fbCiIeXGKIyoOqFes57X/62nqS13/4eIo0k1YIIfUnlsXcBu62goL
JKnyEEJvBMPhOJcE0A1wumgrx/CG5saKpEGKJzgevPCMfw/vCLFNoJo9NoPlKpyx
zBMAMiRdbrllX4kd/XPCtnkcrNU5BXUX8s9sSwuym7mr8U7QLBPDtxszQ1ctwLTs
kXsdHpqDs1ZNhourNCeX6IEMIroWuxx3VWpefc5YB7WEk2xnDC885jL1R9SafPdn
1L7cYBrzGzn68yv0T1ztQX4sw++SkhNAq4rm7zFpXCxH0vxSvlLgSva/+GmVcooA
k/NpCIcr6b86HtZ92Ag1sM4Z/IkL/T6uh9ujIrOu5QqJ1nhn4w9frDePI+dWckEI
GgB+9uF9k12F45+4K050o+u1GYPDerwdOZ42ygKpE9gubsLyhVixkXEE37Pzx+94
h9B8nVVULkRuN1YFMWT3F9uvjeFdqJonRVI9H3g7gCuENbQ+r9A76O8Ct1xoYD+W
s8gAP19/R20wz5Kd0zHP+qr8U8YFWbVEhpdC8p/2mVFa9TJ8Hji1D74R39v4h5hD
Nbbx2NEOP6PeWqxABSvIIPy85VHlnR2Ob8jTo/+oXHYtXAnyiO2qacdSx506YaBO
KS9zQgehAR+sKCXgvL2w
=FC1r
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20160302-n5ksnmp

Revision 1.0

For Public Release 2016 March 02 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the Simple Network Management Protocol (SNMP) input 
packet processor of Cisco Nexus 5500 Platform Switches, Cisco Nexus 5600 
Platform Switches, and Cisco Nexus 6000 Series Switches running Cisco
NX-OS Software could allow an unauthenticated, remote attacker to cause 
the SNMP application on an affected device to restart unexpectedly.

The vulnerability is due to improper validation of SNMP Protocol Data 
Units (PDUs) in SNMP packets. An attacker could exploit this
vulnerability by sending a crafted SNMP packet to an affected device,
which could cause the SNMP application on the device to restart. A 
successful exploit could allow the attacker to cause the SNMP
application to restart multiple times, leading to a system-level restart 
and a denial of service (DoS) condition.

Cisco released software updates that address this vulnerability. There 
are no workarounds that address this vulnerability.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVs+jWq89gD3EAJB5AQJDDxAAxdSHqJnWU8J8e4u7aN4xYyuAg3hvZp4J
qrIpHMxuQW9kS9PBnzlvj2Z5zLhzxgzx5tJaiRmV9eMey/j4J1KIzPIi4eMa2w6o
oFhN9Tla+ZuiqvTVuCF0swYEBRV6YHUXUoTEHuy9MMfmqJSu9L5bY/ESf0yLDDgT
zyDp7BQ++v6FMjSf9VKDhuj1X3+dwHWqKZGaanTS+v7t1kfGz778vNGFhGB08L3c
Ty3nL601bIfg2BDkFfPcd+BI3nG4RT85JmjA7fx+/xXuUw8GMfcUnwuw8Ym5R3l2
+9pW9Lx/PIh8lIRPTVS1Q6+TpBglBTfJV7IXZ+0nciCpa0VnQEhddwtk1fQ/cNHZ
0qYxIwbPHtPhT09V5JL82bn8xowhLGpdn+Kv/ZW1JOq5CYq5OYUOb6hu4DxpXggU
wIVhpeQKxyaivYfjGMz5u8TD/LEVrq6vWSkt15SLXhZzSNyioRm5VrmPIRMwG7Xr
fY4kcLNWku1m9zstiN1rwkBwFcJhvUn2Ny9Ug7UF/frE3CbSBiCJyCW8ucnKe5t6
lUsyJXT9kUYXT5oLTv62JTASuaRByer5svS+m7iDr2WXqumTgOQVYz648XHJ8k3n
wMBpEFicSoEo+B7g12vQOHKB7FOsFpkyxvvOJ89X3ri8oDuzhPfUNhH3nq2EXlAt
Vuy5i209RlQ=
=zzHr
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVteRy36ZAP0PgtI9AQKpwA//QNwBBgn3axQxfADRKe9RzrTkF1o9ObUq
cRXdc8n7QjtztftkrRnkhtzKktb/SrevkRKaZ1QxKTKOEmq+LzKJAc+sXuqmRmdt
y1T4s1zaOmBDJe6EsYHJGD7Dq30s9jzRVe1k+QyvVJZPnK9pI25fhzASR835oo4Y
xnKIq70D7hyW7Yldiz5kvDzAV+GLTx72sHXv3aUfQPgjlG5BpDX29gTxTfC4Bd9u
+4Sa8oHkzVNNSAwIks53gWPHZZ6KDexumZrwibhE7Hs74o7xbGu1jvXe1r88bwUH
tyrhyZSDCogl1AIvqml0o5JgcBxUvcKH/RQu6wCEeHH4BUis0RuaYrVhAwjX8APY
Ja5fmBELRSA+zCaEwpoHwLRllvDxe0bgEeATNE78z/aCjZ4lpj5XPMGS3I2UuA7X
rBfx9TBn5Vw2gr47AV5AQUJZzVkuF/OIGRIiSYLznFNp7QMLAKL+63TpszDJw/1+
m+SbqleI1a97OMi2bRPj30yuoyDdlf/xAOqDzCvjDCOc6S09sCijn4qLvP4q31IH
PNAq30tdbqhOR1cNAIvRFjS/MnwpQp1qQENbv2OfZBNuB7BUqw9L9QsQd9C3aEwo
Dowatqcr6EGQGFITY5YDJ/9EY9KmcH1cUa3+b9+eqrMZ0pv2/aUSFxLPRDFtJpJY
ZIM26T93bTs=
=WmJG
-----END PGP SIGNATURE-----