[NEWS] Cisco Secure Content Accelerator Vulnerable to SSL Worm
From: support@securiteam.com Date: 10/05/02
From: support@securiteam.com To: list@securiteam.com Date: Sat, 5 Oct 2002 23:31:19 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Cisco Secure Content Accelerator Vulnerable to SSL Worm
------------------------------------------------------------------------
SUMMARY
As we reported in our previous article, "Slapper" OpenSSL/Apache Worm
Propagation (http://www.securiteam.com/unixfocus/5PP0B2A8AA.html), a worm
has been infecting machines and spreading from them to other machines by
exploiting a well-known vulnerability in OpenSSL. It has now been made
clear that Cisco's Secure Content Accelerator (un-patched version) is also
vulnerable to attack, and is being actively compromised.
DETAILS
Vulnerable systems:
* Cisco SCA 11000 Series Secure Content Accelerator
Attempts to exploit the vulnerability described in CAN-2002-0656 cause the
SCA 11000 (all tested software releases) to spontaneously reboot,
resulting in at least a denial of service. This product incorporates code
from an older OpenSSL release, and thus shares the same vulnerability.
There is no known means to work around this issue, short of disabling SSL
services on the system.
Cisco's Secure Content Accelerator is closely related to SonicWALL's SSL
offloader product. The SonicWALL product was also vulnerable, and a
statement and fix were issued promptly:
http://www.sonicwall.com/support/security_advisories/security_advisory-openSSL.html
No official fix is as yet available from Cisco for this issue, and no
advisory has been released. Impact is likely equivalent to impact on the
SonicWALL product.
Cisco PSIRT publishes advisories here:
http://www.cisco.com/warp/public/707/advisory.html
Vendor response:
We can confirm the finding made by Matt Zimmerman <mdz@debian.org>
for all older releases of the Cisco Secure Content Accelerator software.
Cisco has released version 3.2.0.20 of Cisco Secure Content Accelerator
software on September 27, 2002 which resolves the OpenSSL issue.
The new version of software is available to customers via our website at:
http://www.cisco.com/cgi-bin/tablebuild.pl/cs-conacc
This problem has been documented in the Release-notes for version 3.2.0.20
online at:
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_sca/sca_320/v320b20.htm#xtocid13
ADDITIONAL INFORMATION
The information has been provided by Matt Zimmerman <mdz@debian.org>
and Mike Caudill <mcaudill@cisco.com>.