[c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

Don Nightingale donnightin at gmail.com
Tue Feb 16 10:28:26 EST 2016


I'm seeing this as well on our 5555 pair we upgraded 2/11 to 9.5(2)2.
Memory usage is slowly reported as increasing.  It's currently
breaking the ASDM memory graph, displaying 450% memory utilization to
syslog and showing ridiculous numbers from the CLI:

ciscoasa# sho mem
Free memory:      18446744044457691540 bytes (248730157%)
Used memory:       37261147072 bytes (-248730057%)
-------------     ------------------
Total memory:       7416356372 bytes (100%)
It's still operating so it may be either a cosmetic bug or a canary
that will keep me busy sometime in the near future.

We have an open TAC case as well.

--
Don

> On Feb 16, 2016, at 3:08 AM, Andrew (Andy) Ashley <andrew.a at aware.co.th> wrote:
>
> Hi,
>
> We upgraded a pair of 5515-Xs from 9.2(1) to 9.5(2)2, the interim release, on Saturday.
> Since then the free memory on the primary unit has been steadily decreasing (30% -> 95% in 3 days).
> These small increases appear to be happening around every 30 minutes or so.
> We failed over to the standby, which had much lower memory usage but that too is now creeping up.
> The previous primary unit did not reclaim any memory and did not stop climbing either after fail over.
>
> Have opened a TAC case but wondering if it's just us, or if this is affecting others..
>
> Regards,
> Andrew Ashley
>
> -----Original Message-----
> From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> on behalf of Garry <gkg at gmx.de>
> Date: Tuesday, 16 February 2016 at 14:49
> To: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
> Subject: Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability
>
>> Hi,
>>>> On Wed, 2016-02-10 at 08:06 -0800, psirt at cisco.com wrote:
>>>> Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer
>>>> Overflow Vulnerability
>>>>
>>>> Advisory ID: cisco-sa-20160210-asa-ike
>>> Poor bastards stuck at 8.2 (like us) might be relieved to know that
>>> there actually is a 8.2(5)59 version with the fix. Reading the SA page
>>> I got the impression that there was no fixed software for 8.2(5).
>> Thanks for the find, same situation we were in (well, several of our
>> customers rather) - reading the advisory, it clearly states anything 8.x
>> except 8.4 is recommended to go to 9.1 (yeah, right! Not opening that
>> can^H^H^H crate of worms! Or more like Pandora's box?). Apart from at
>> least one system that only has 256M of RAM (and therefore can't go to
>> anything higher than 8.2 AFAIK), even going to the mentioned 8.4.7(30)
>> caused some problems due to incorrectly (or incomplete) config migration
>> for several systems ... of course it could be fixed, but still ...
>> And yes, the systems should be kept more current, but seeing what
>> happens when you do update more or less confirms the old saying "never
>> change a running system" ... sadly ...
>>
>> Still, if Cisco publishes an interim that fixes this disastrous flaw and
>> is not at least following up on their announcement (8.2.5(59) was
>> released 3 days after the initial notification was published), it's sort
>> of a pain for users ... even the advisory on the web page hasn't been
>> updated to at least list the option of using the interim ... :(
>>
>> -garry
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
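The counters Don pasted have the signature of a 64-bit unsigned value that went below zero: free memory is within a few tens of GB of 2^64, used memory is several times the total, and the two percentages still sum to exactly 100 (248730157 - 248730057), so the display arithmetic is self-consistent and only its inputs are wrong. Below is an added example, not code from the thread or from Cisco, showing the sanity check a monitoring pipeline should run on `show memory` before graphing or alerting on it. The sample text is Don's output embedded as a constructed string; the second sample is a constructed healthy reading for contrast. Reinterpreting the free counter as a two's-complement signed 64-bit number is an assumption about how the value was produced, not something the thread or the advisory confirms.

```python
"""
Sanity-check Cisco ASA `show memory` counters for 64-bit wraparound.

Added example. The `as_signed64` reinterpretation is an assumption:
it assumes the free counter is an unsigned 64-bit subtraction result
that underflowed, which is not confirmed by Cisco or by the thread.
"""
import re

UINT64 = 1 << 64

# Constructed sample: the `show memory` output quoted in the thread.
SAMPLE = """\
ciscoasa# sho mem
Free memory:      18446744044457691540 bytes (248730157%)
Used memory:       37261147072 bytes (-248730057%)
-------------     ------------------
Total memory:       7416356372 bytes (100%)
"""

# Constructed sample of a healthy reading on the same box.
SANE = """\
ciscoasa# sho mem
Free memory:       3000000000 bytes (40%)
Used memory:       4416356372 bytes (60%)
-------------     ------------------
Total memory:       7416356372 bytes (100%)
"""

LINE_RE = re.compile(
    r"^(Free|Used|Total) memory:\s+(\d+) bytes \((-?\d+)%\)", re.M
)


def parse_show_memory(text):
    """Return {'free': (bytes, pct), 'used': (bytes, pct), 'total': (bytes, pct)}."""
    fields = {}
    for label, nbytes, pct in LINE_RE.findall(text):
        fields[label.lower()] = (int(nbytes), int(pct))
    missing = {"free", "used", "total"} - fields.keys()
    if missing:
        raise ValueError(f"show memory output missing: {sorted(missing)}")
    return fields


def as_signed64(value):
    """Reinterpret an unsigned 64-bit counter as a two's-complement signed value."""
    if not 0 <= value < UINT64:
        raise ValueError("not a 64-bit value")
    return value - UINT64 if value >= UINT64 >> 1 else value


def check_counters(fields):
    """Return a list of inconsistency descriptions; an empty list means the reading is sane."""
    free, free_pct = fields["free"]
    used, used_pct = fields["used"]
    total, _ = fields["total"]
    problems = []
    if free > total:
        problems.append(
            f"free ({free}) exceeds total ({total}); "
            f"as signed 64-bit: {as_signed64(free)} bytes"
        )
    if used > total:
        problems.append(f"used ({used}) exceeds total ({total})")
    for name, pct in (("free", free_pct), ("used", used_pct)):
        if not 0 <= pct <= 100:
            problems.append(f"{name} percentage {pct}% is outside 0..100")
    # The CLI evidently derives used% as 100 - free%; if even that breaks,
    # the output is more than an underflow and should not be trusted at all.
    if free_pct + used_pct != 100:
        problems.append("free% and used% do not sum to 100")
    return problems


if __name__ == "__main__":
    for label, text in (("wrapped", SAMPLE), ("sane", SANE)):
        print(label, check_counters(parse_show_memory(text)) or "ok")
```

Run against the wrapped sample, the checker reports four problems, including that the free counter reads as -29251860076 bytes once interpreted as signed; against the healthy sample it reports none. Feeding the raw values to a graph or an SNMP threshold, as ASDM and the syslog did here, produces the 450% and 248730157% figures the thread describes, so the checker is the place to turn a wrapped counter into a "reading is bogus, investigate" event rather than a utilisation alarm.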