-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2013-0096 Title: Cisco ASA Malformed DNS Reply Denial of Service Vulnerability [1] Version history: 06.12.2013 Initial publication Summary ======= A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause the reload of an affected system. The vulnerability is due to improper handling of DNS error cases when the Cisco ASA Software receives a DNS reply packet under a particular system configuration. An attacker could exploit this vulnerability by either owning a DNS server or ensuring that the reply to a DNS request from an affected system is malformed. An exploit could allow the attacker to cause the reload of the affected system. CVE numbers: CVE-2013-6696 CVSS v2 Base Score:7.1 (HIGH) (AV:N/AC:M/Au:N/C:N/I:N/A:C) [2] Vulnerable systems ================== Cisco Adaptive Security Appliance (ASA) Software 5.4/4.5 Original Details ================ These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of any of these vulnerabilities could allow an unauthenticated remote attacker to trigger a reload of the embedded services processors (ESP) card or the route processor (RP) card, causing an interruption of services. Repeated exploitation could result in a sustained DoS condition. What can you do? ================ There is a patch. [1] What to tell your users? ======================== N/A More information ================ [1] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6696 [2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6696 Best regards, CERT-EU (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJSodUiAAoJEPpzpNLI8SVomE8QAI9yayZyxoILsYQpHhktIX9K lY/kdYFRJXXYYqg1noXX2XbYAwnnc0btkNPvKsdGHClSQHF4Y1m8FfO/I8gEpfGl rcYPS9vmaN17lvszBscwd1kJqnxUSiw4QMoqtJNTTuPsJhfMZ1IyIa4YsjXQFbTI 0z4+a0p1pxGPvFn2LkGZZKV6+oD8bMJe6R8lccjKJx7POG24SoO7B9zxXCJk6gQM 96RLvNU2apSp0RKYRYXPS3HoJNxYMuaNWdfPTB5BhcQRNY9Uh66bo6axpcuidBbO 0U6dSNf4JeFwQOrDMwjaKw96f7tDL7FggsAEGSNRi8AQ6Mb3wWEk5eumPhNWfLY6 q4tU/hUMHHScR7j6+MWOFq0tdiKX5bpdIIcsnP69k/qjweZc/tReG4v55bP8shwq NVzkTFQVeb5NeCdcv0KSkiYjCYXEtRe8C8RBBRxwLOXVqkEcZvCrUjA7qvkXH4Zl iy61V1fzJ6gcfYjGQbC+Y0Znxvb1aHH0Ruf8FaIjoPQxeMRa1I76FywGX+EzFxB8 lotNlDsi7Q70xEtlAGQaLby3OWYN9bdi5wCYHgCkCcN36SprH4ArmkzU5Kv++Z7p yiyBdOcUffCDU0xyEr6YE4SsOkz5rULPiwBTT4q5/VOTiF9d8g0Vro3JXvrMrt3y uGTGM29UkSpOFgEMcNI1 =yXUa -----END PGP SIGNATURE-----