|
|
|
|
| |
Credit:
The original article can be found at: http://www.cisco.com/warp/public/707/cisco-sa-20100922-sslvpn.shtml
|
| |
Vulnerable Systems:
* Cisco IOS SSL VPN
Immune Systems:
* Cisco ASA 5500 Series Adaptive Security Appliances
* Cisco IOS XR Software
* Cisco IOS XE Software
Exploitation could allow a remote, unauthenticated user to cause a memory leak on the affected devices, that could result in a memory exhaustion condition that may cause device reloads, the inability to service new TCP connections, and other denial of service (DoS) conditions. A complete TCP 3-way handshake is required to exploit this vulnerability.
Patch Availability:
Please refer to section "Software Versions and Fixes" at:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sslvpn.shtml
Workaround:
Disabling HTTP redirection for SSL VPN connections can be used as a workaround for this vulnerability.
HTTP redirection for SSL VPN connections is disabled by executing the command no http-redirect port in webvpn gateway configuration mode.
In addition, manually clearing the hung TCBs with the command clear tcp tcb * will transition the TCBs into a CLOSED state. After a time they will clear the CLOSED state and the memory will be released.
Note: Clearing the TCB will clear both legitimate and hung connections, including remote connections to the device such as Telnet and SSH connections.
CVE Information:
CVE-2010-2836
Disclosure Timeline:
2010-September-22 Public Release
|
|
|
|
|
