[c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Cisco Systems Product Security Incident Response Team
psirt at cisco.com
Thu Jun 5 18:50:35 EDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Advisory ID: cisco-sa-20140605-openssl
Revision 1.0
For Public Release 2014 June 5 22:00 UTC (GMT)
Summary
=======
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or preform a man-in-the-middle attack. On June 5, 2014 the OpenSSL Project released a security advisory detailing seven distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:
SSL/TLS Man-in-the-Middle Vulnerability
DTLS Recursion Flaw Vulnerability
DTLS Invalid Fragment Vulnerability
SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability
SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability
Anonymous ECDH Denial of Service Vulnerability
ECDSA NONCE Side-Channel Recovery Attack Vulnerability
Please note that the devices that are affected by this vulnerability are the devices acting as an Secure Socket Layer (SSL) or Datagram Transport Layer Security (DTLS) server terminating SSL or DTLS connections or devices acting as an SSL client initiating an SSL or DTLS connection. Devices that are simply traversed by SSL or DTLS traffic without terminating it are not affected.
This advisory will be updated as additional information becomes available.
Cisco will release free software updates that address these vulnerabilities.
Workarounds that mitigate these vulnerabilities may be available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJTkPEcAAoJEIpI1I6i1Mx3Da0P/18NQm3NYCYi65h6m6Ik3/W8
47Zuz/VuXCJ9fvlboaW04P5P8IyO/Upc4jz6Py5Cmh2eX+BF2/CvlKv2r2lWAucr
Pbeyu8O/TTKGr/OsgdUsy8xT8WS7cxekHdt0yL0fkGzmYaNhfx1oSMB8xbnpCmHk
pGV4gMdYyfJvnU1C913yLUQC7Mq3mqwwQ/rOcJ9Fy5uZJsTrd4dOLPEC6pyJoVfU
2EySkNMTsO4/WXubV6Q1YuOHG0Epw6XA7tP+wPms/lV7URQdbuNECnQNi4VZD/rY
bOIIXTDdhilHMKrQ9kAmj8R70rCjyarmkfymHUldXGPrPo6KNvR3VUAcCHko1JId
GV98OTzYHT2WpizMnTGPgWmiQbkvTWNeG4yFkrQB5wIP+HYm158KOWigbSC8Pwur
/A8GdU59LNp8m7nl217pTiYo9IZrjvytND9FF37kA3FJLxgdrzpDAMFuMANNZgGB
0Gd/hDITH2nDRDgeZkMZG/PIJCKH4R3i+SEM87ab/iF6MUZw1jg28L1LOXt9qHv6
IfWWwjtn8ctUHIltpMPClanhylWb27L9Ga8+8xsi7Ongpn8p3RLeZen9CI+xDTye
R5jSeDpFR5RuEYhHel+iEyDQ8OMGX+/0osMPP9HGS879dHl3PSzkcUHMOSSiN3gO
5Xt+qD9XKxD7u0Wmkk44
=xPVJ
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list