[c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

Nick Cutting ncutting at edgetg.co.uk
Mon Feb 15 15:43:39 EST 2016


This is best news I've heard all day.  Was going to have to move 55 VPNs by hand..

I have this for the 5510 - I cannot see a release for the 5505 - will this also be coming?

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Peter Rathlev
Sent: 15 February 2016 18:51
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

On Wed, 2016-02-10 at 08:06 -0800, psirt at cisco.com wrote:
> Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer 
> Overflow Vulnerability
> 
> Advisory ID: cisco-sa-20160210-asa-ike

Poor bastards stuck at 8.2 (like us) might be relieved to know that there actually is a 8.2(5)59 version with the fix. Reading the SA page I got the impression that there was no fixed software for 8.2(5).

Kudos to Cisco for releasing a fixed version of something that old. :-)

(And yes, upgrading to 8.4(7)30 and onwards is in the pipeline, we just need one small round tuit and we're there.)

--
Peter
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list