[c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

Andrew (Andy) Ashley andrew.a at aware.co.th
Tue Feb 16 03:08:53 EST 2016


Hi,

We upgraded a pair of 5515-Xs from 9.2(1) to 9.5(2)2, the interim release, on Saturday.
Since then the free memory on the primary unit has been steadily decreasing (30% -> 95% in 3 days).
These small increases appear to be happening around every 30 minutes or so.
We failed over to the standby, which had much lower memory usage, but that too is now creeping up.
The previous primary unit did not reclaim any memory and did not stop climbing either after failover.

Have opened a TAC case, but wondering if it's just us or if this is affecting others.

Regards,
Andrew Ashley




-----Original Message-----
From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> on behalf of Garry <gkg at gmx.de>
Date: Tuesday, 16 February 2016 at 14:49
To: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

>Hi,
>> On Wed, 2016-02-10 at 08:06 -0800, psirt at cisco.com wrote:
>>> Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer
>>> Overflow Vulnerability
>>>
>>> Advisory ID: cisco-sa-20160210-asa-ike
>> Poor bastards stuck at 8.2 (like us) might be relieved to know that
>> there actually is a 8.2(5)59 version with the fix. Reading the SA page
>> I got the impression that there was no fixed software for 8.2(5).
>Thanks for the find, same situation we were in (well, several of our
>customers rather) - reading the advisory, it clearly states anything 8.x
>except 8.4 is recommended to go to 9.1 (yeah, right! Not opening that
>can^H^H^H crate of worms! Or more like Pandora's box?). Apart from at
>least one system that only has 256M of RAM (and therefore can't go to
>anything higher than 8.2 AFAIK), even going to the mentioned 8.4.7(30)
>caused some problems due to incorrectly (or incomplete) config migration
>for several systems ... of course it could be fixed, but still ...
>And yes, the systems should be kept more current, but seeing what
>happens when you do update more or less confirms the old saying "never
>change a running system" ... sadly ...
>
>Still, if Cisco publishes an interim that fixes this disastrous flaw and
>is not at least following up on their announcement (8.2.5(59) was
>released 3 days after the initial notification was published), it's sort
>of a pain for users ... even the advisory on the web page hasn't been
>updated to at least list the option of using the interim ... :(
>
>-garry
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
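The symptom Andrew describes (usage climbing in small steps roughly every 30 minutes, surviving a failover) is exactly the kind of slow creep that a periodic poll of `show memory` can confirm before the box runs out. The script below is an added example, not code from the thread or from Cisco: it parses the `Free/Used/Total memory` lines out of polled `show memory` output and flags a leak-like trend when usage rises across nearly every interval. The sample output layout is constructed to mimic the ASA format (field widths and wording may differ between releases, so the regex is loose), and the thresholds `min_rise_pct` and `min_monotonic_ratio` are assumptions to tune per platform.

```python
"""Track ASA memory usage across periodic 'show memory' polls and flag a steady climb.

Added example, not part of the mailing-list thread. The 'show memory' text is
constructed to resemble the ASA output layout; exact wording and spacing may
differ between releases, so the parser only keys on the field name and byte count.
"""
import re
from datetime import datetime, timedelta

# Matches lines such as "Used memory:   1234 bytes (44%)" (constructed sample layout).
_MEM_LINE = re.compile(r"^(Free|Used|Total) memory:\s+(\d+) bytes", re.MULTILINE)


def parse_show_memory(text: str) -> dict:
    """Return {'free': int, 'used': int, 'total': int} (bytes) from 'show memory' output."""
    fields = {m.group(1).lower(): int(m.group(2)) for m in _MEM_LINE.finditer(text)}
    missing = {"free", "used", "total"} - fields.keys()
    if missing:
        raise ValueError(f"show memory output missing fields: {sorted(missing)}")
    return fields


def used_percent(mem: dict) -> float:
    """Percentage of total memory in use."""
    return 100.0 * mem["used"] / mem["total"]


def assess_trend(samples, min_rise_pct=1.0, min_monotonic_ratio=0.9) -> dict:
    """samples: list of (datetime, used_percent), any order.

    Returns the total rise, the hourly rate, the fraction of intervals in which
    usage went up, and a 'leak_suspected' verdict. Thresholds are assumptions:
    a real leak shows a near-monotonic rise; normal churn goes up and down.
    """
    if len(samples) < 3:
        raise ValueError("need at least three samples to judge a trend")
    samples = sorted(samples)
    rises = sum(1 for (_, a), (_, b) in zip(samples, samples[1:]) if b > a)
    monotonic_ratio = rises / (len(samples) - 1)
    total_rise = samples[-1][1] - samples[0][1]
    hours = (samples[-1][0] - samples[0][0]).total_seconds() / 3600
    rate = total_rise / hours if hours > 0 else 0.0
    return {
        "rise_pct": round(total_rise, 2),
        "pct_per_hour": round(rate, 3),
        "monotonic_ratio": round(monotonic_ratio, 2),
        "leak_suspected": total_rise >= min_rise_pct and monotonic_ratio >= min_monotonic_ratio,
    }


def _fake_show_memory(used: int, total: int = 4_000_000_000) -> str:
    """Constructed 'show memory' output for a given used-byte count (not real device output)."""
    free = total - used
    return (
        f"Free memory:       {free} bytes ({100 * free // total}%)\n"
        f"Used memory:       {used} bytes ({100 * used // total}%)\n"
        "-------------     ----------------\n"
        f"Total memory:      {total} bytes (100%)\n"
    )


# Constructed polls: six samples 30 minutes apart, usage creeping up 0.5% each time.
CONSTRUCTED_POLLS = [
    (datetime(2016, 2, 13, 10, 0) + timedelta(minutes=30 * i),
     _fake_show_memory(1_200_000_000 + 20_000_000 * i))
    for i in range(6)
]


def example_verdict() -> dict:
    """Run the parser and trend check over the constructed polls."""
    samples = [(ts, used_percent(parse_show_memory(txt))) for ts, txt in CONSTRUCTED_POLLS]
    return assess_trend(samples)


if __name__ == "__main__":
    print(example_verdict())
```

In practice the polls would come from a scheduled `show memory` over SSH or from SNMP, and the verdict would feed an alert well below the point where the unit starts dropping connections; a flat or noisy series (usage going up and down between polls) stays below the monotonic threshold and is not flagged.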

