[c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

David White, Jr. (dwhitejr) dwhitejr at cisco.com
Tue Feb 16 10:35:38 EST 2016


Sounds like CSCux15273 - inaccurate reporting of memory usage in 9.5(2)+

Sincerely,

David.

On 2/16/16 10:28 AM, Don Nightingale wrote:
> I'm seeing this as well on our 5555 pair we upgraded 2/11 to 9.5(2)2.
> Memory usage is slowly reported as increasing.  It's currently
> breaking the ASDM memory graph, displaying 450% memory utilization to
> syslog and showing ridiculous numbers from the CLI:
>
> ciscoasa# sho mem
> Free memory:      18446744044457691540 bytes (248730157%)
> Used memory:       37261147072 bytes (-248730057%)
> -------------     ------------------
> Total memory:       7416356372 bytes (100%)
>
>
>
> It's still operating so it may be either a cosmetic bug or a canary
> that will keep me busy sometime in the near future.
>
> We have an open tac case as well.
>
> --
> Don
>
>> On Feb 16, 2016, at 3:08 AM, Andrew (Andy) Ashley <andrew.a at aware.co.th> wrote:
>>
>> Hi,
>>
>> We upgraded a pair of 5515-X’s from 9.2(1) to 9.5(2)2, the interim release, on Saturday.
>> Since then the free memory on the primary unit has been steadily decreasing (30% -> 95% in 3 days).
>> These small increases appear to be happening around every 30 minutes or so.
>> We failed over to the standby, which had much lower memory usage but that too is now creeping up.
>> The previous primary unit did not reclaim any memory and did not stop climbing either after fail over.
>>
>> Have opened a TAC case but wondering if it’s just us, or if this is affecting others.
>>
>> Regards,
>> Andrew Ashley
>>
>>
>>
>>
>> -----Original Message-----
>> From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> on behalf of Garry <gkg at gmx.de>
>> Date: Tuesday, 16 February 2016 at 14:49
>> To: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
>> Subject: Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability
>>
>>> Hi,
>>>> On Wed, 2016-02-10 at 08:06 -0800, psirt at cisco.com wrote:
>>>>> Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer
>>>>> Overflow Vulnerability
>>>>>
>>>>> Advisory ID: cisco-sa-20160210-asa-ike
>>>> Poor bastards stuck at 8.2 (like us) might be relieved to know that
>>>> there actually is an 8.2(5)59 version with the fix. Reading the SA page
>>>> I got the impression that there was no fixed software for 8.2(5).
>>> Thanks for the find, same situation we were in (well, several of our
>>> customers rather) - reading the advisory, it clearly states anything 8.x
>>> except 8.4 is recommended to go to 9.1 (yeah, right! Not opening that
>>> can^H^H^H crate of worms! Or more like Pandora's box?). Apart from at
>>> least one system that only has 256M of RAM (and therefore can't go to
>>> anything higher than 8.2 AFAIK), even going to the mentioned 8.4.7(30)
>>> caused some problems due to incorrect (or incomplete) config migration
>>> for several systems ... of course it could be fixed, but still ...
>>> And yes, the systems should be kept more current, but seeing what
>>> happens when you do update more or less confirms the old saying "never
>>> change a running system" ... sadly ...
>>>
>>> Still, if Cisco publishes an interim that fixes this disastrous flaw and
>>> is not at least following up on their announcement (8.2.5(59) was
>>> released 3 days after the initial notification was published), it's sort
>>> of a pain for users ... even the advisory on the web page hasn't been
>>> updated to at least list the option of using the interim ... :(
>>>
>>> -garry
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/