----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)  

If not, then implement it through the most reliable vulnerability
intelligence source on the market. 

Implement it through Secunia. 

For more information visit:
http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com

----------------------------------------------------------------------

TITLE:
Cisco IOS Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA36835

VERIFY ADVISORY:
http://secunia.com/advisories/36835/

DESCRIPTION:
Some vulnerabilities have been reported in Cisco IOS, which can be
exploited by malicious people to cause a DoS (Denial of Service),
bypass certain security restrictions, disclose sensitive information,
or compromise a vulnerable device.

1) An error exists in the login section of the Extension Mobility
feature of the Cisco Unified CME (Communications Manager Express)
component. This can be exploited to cause a buffer overflow via
specially crafted HTTP requests.

Successful exploitation may allow execution of arbitrary code.

2)  An error in the IKE implementation can be exploited to allocate
all available Phase 1 SAs and prevent new IPSec sessions from being
established.

Successful exploitation requires that the IKE certificate based
authentication method is used.

3) Multiple errors exist in the IP tunnelling implementation when
switching network packets. These can be exploited to trigger a device
reload via specially crafted packets.

Successful exploitation requires that the device is configured for
PPTP, GRE, IPinIP, Generic Packet Tunneling in IPv6, or IPv6 over IP
tunnels, and Cisco Express Forwarding.

4) An error in the implementation of the Object Groups for ACLs
feature can be exploited to bypass access control policies.

5) An error in the H.323 implementation can be exploited to trigger a
device reload via specially crafted TCP packets.

Successful exploitation requires that H.323 is enabled (disabled by
default).

6) An error in the SIP implementation related to the Cisco Unified
Border Element feature can be exploited to trigger a device reload.

For more information:
SA36836

7) An error in the SSLVPN, SSH, and IKE Encrypted Nonces features can
be exploited to reload a device via specially crafted packets sent to
TCP ports 22 (for SSH) or 443 (for SSLVPN), or UDP ports 500 and 4500
(for IKE Encrypted Nonces).

8) A race condition error exists in the Authentication Proxy for
HTTP(S), Web Authentication, and consent features. This can be
exploited to bypass the authentication proxy services and the consent
accept web page if a successfully authenticated session or accepted
consent session exists.

9) An error exists in the Cisco IOS Zone-Based Policy Firewall SIP
inspection feature. This can be exploited to reload a device via a
specially crafted SIP transit packet.

10) An error exists in the NTPv4 implementation while creating NTP
reply packets. This can be exploited to trigger a device reload via a
specially crafted NTP packet.

SOLUTION:
Update to a fixed version (please see the vendor's advisories for
details).

PROVIDED AND/OR DISCOVERED BY:
1, 3-10) Reported by the vendor.
2) Reported to the vendor by a customer.

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml

OTHER REFERENCES:
SA36836:
http://secunia.com/advisories/36836/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------