Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

T-023: Multiple Vulnerabilities in Cisco PIX and Cisco ASA

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) T-023: Multiple Vulnerabilities in Cisco PIX and Cisco ASA
# 1  
Old 11-13-2008
T-023: Multiple Vulnerabilities in Cisco PIX and Cisco ASA
Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances: 1) Windows NT domain authentication bypass; 2) IPv6 Denial of Service; and 3) Crypto Accelerator memory leak. NOTE: These vulnerabilities are independent of each other. A device may be affected by one vulnerability and not affected by another. The risk is MEDIUM. A remote intruder could make a VPN connection to a network without needing to authenticate.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

4 More Discussions You Might Find Interesting

1. IP Networking

Openswan with Cisco ASA

Hi all, I need this as soon as possible to solve it or at least to find out what is the problem. I have configured IPSec tunnels with Openswan and Cisco ASA, i have established a connection and the ping was fine, but after some time there is request time out from both sites. I don't have ASA... (0 Replies)
Discussion started by: ivancd
0 Replies

2. IP Networking

Cisco 3750 Switch ASA VPN Routing

Hi,I want connect my ASA 5510 firewall to a 3750 switch with RIP routing. Unfortunately,I am having issues passing the VPN subnet through rip to the 3750.I don't understand how the routing table is populated on the ASA. Any suggestions? (0 Replies)
Discussion started by: Ayaerlee
0 Replies

3. IP Networking

How to establish site to site vpn - Linux machine and cisco asa?

Hi, I am trying to establish vpn between my linux server and cisco asa at client side. I installed openswan on my cent os. Linux Server eth0 - 182.2.29.10 Gateway - 182.2.29.1 eth1 - 192.9.200.75 I have simple IPtables Like WAN="eth0" LAN="eth1" (0 Replies)
Discussion started by: ashokvpp
0 Replies

4. Solaris

Connecting Solaris 10 to Cisco PIX with IPsec tunnel

I having problem connecting to a Cisco PIX Log from IKE # /usr/lib/inet/in.iked -f /etc/inet/ike/config -d Jan 16 00:40:57: 2012 (+0800) *** in.iked started *** Jan 16 00:40:57: Loading configuration... Jan 16 00:40:57: Checking lifetimes in "nullrule" Jan 16 00:40:57: Using default value... (0 Replies)
Discussion started by: conandor
0 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

filter_backends

FILTER 
BACKENDS(7)					 Miscellaneous Information Manual					FILTER BACKENDS(7)

NAME

       filter_backends - output drivers for the filtergen packet filter compiler

INTRODUCTION

       This document describes the status and feature-set of the currently available filtergen backends.

IPTABLES

       Most  development  is  done first against the iptables driver.  It supports reject, masquerading, transparent proxying, logging (with text)
       and sub-groups, all of which should work fine (though the latter has only recently been fixed).

IPCHAINS

       The ipchains driver supports all of the above features, too.  Its state model is much weaker though, of	course.   The  forwarding  support
       should work OK, though it is not possible to support "local"-only packets.

IPFILTER

       The  ipfilter  backend  is incomplete.  It supports accept, drop, reject and logging, but not masq, transproxy or sub-groups.  It should be
       easy for someone with knowledge of ipfilter to add support for the other features.  Options for OpenBSD "pf" features and syntax  would	be
       nice, too.  It has received no testing; I don't even know if the generated filters are syntactically correct.

CISCO

       The  cisco  driver is in roughly the same sort of state as the ipfilter one.  Additionally, because of the limitations of IOS ACLs, it sup-
       ports only a limited set of features.  It cannot support reject or transparent proxying, and  may  not  be  able  to  support  masquerading
       either.	An option for reflexive (stateful) ACLs would be very useful.

       I understand that Cisco PIX firewalls use a variant of this syntax -- it would be very nice to support them too.

SEE ALSO

       filtergen(8), filter_syntax(5)

								  January 7, 2004						FILTER BACKENDS(7)