---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Cisco Intrusion Detection / Prevention System "SSL Hello" Denial of Service SECUNIA ADVISORY ID: SA22046 VERIFY ADVISORY: http://secunia.com/advisories/22046/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network OPERATING SYSTEM: Cisco Intrusion Prevention System (IPS) 5.x http://secunia.com/product/5600/ Cisco Intrusion Detection System (IDS) 4.x http://secunia.com/product/12069/ DESCRIPTION: A vulnerability has been reported in Cisco Intrusion Detection System and Cisco Intrusion Prevention System, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the processing of SSL v2 client Hello packets. This can be exploited to cause a DoS by sending a specially crafted Hello packet to a vulnerable system. Successful exploitation can cause the mainApp process to fail, stopping a system from responding to remote management request sent to the web administration interface or the command-line interface via SSH, sending SMTP traps, and automatically updating ACLs (Access Control Lists) on remote firewall systems. The vulnerability affects the following products: - Cisco IDS 4.1(x) software prior to 4.1(5c) - Cisco IPS 5.0(x) software prior to 5.0(6p1) - Cisco IPS 5.1(x) software prior to 5.1(2) SOLUTION: Apply updated software. Cisco IDS 4.1(5b) and earlier: Update to Cisco IDS 4.1(5c) Cisco IPS 5.0(6p1) and earlier: Update to Cisco IPS 5.0(6p2) Cisco IPS 5.1(1) and earlier: Update to Cisco IPS 5.1(2) PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060920-ips.shtml OTHER REFERENCES: US-CERT VU#658884: http://www.kb.cert.org/vuls/id/658884 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------