===================================================================== CERT-Renater Note d'Information No. 2011/VULN039 _____________________________________________________________________ DATE : 20/01/2011 HARDWARE PLATFORM(S) : Cisco ASA 5500 Series Adaptive Security Appliances. OPERATING SYSTEM(S) : Cisco ASA 5500 Series Adaptive Security Appliances versions 8.x. ====================================================================== http://www.publicsafety.gc.ca/prg/em/ccirc/2011/av11-004-eng.aspx ______________________________________________________________________ Multiple Vulnerabilities in Cisco ASA Number: AV11-004 Date: 18 January 2011 Purpose The purpose of this advisory is to raise awareness of multiple vulnerabilities in Cisco ASA, for which a security patch update is now available. Assessment Multiple vulnerabilities exist in Cisco ASA 5500 series adaptive security appliances that if exploited by remote users, could cause a denial of service (DoS), permit access to sensitive information or bypass restrictions. These issues are caused by errors related to SIP inspection, ACLs, Mobile User Security (MUS) service, multicast traffic, LAN-to-LAN (L2L) IPsec sessions, ASDM, Neighbour Discovery (ND), EIGRP traffic, TELNET, IPsec traffic, emWEB, device startup, Online Certificate Status Protocol (OCSP) connections, CIFS, SMTP inspection, and LDAP authentication. Cisco Bug ID References: CSCth36592, CSCtg61810, CSCtg69742, CSCte53635, CSCte46460, CSCte20030, CSCtf29867, CSCte14901, CSCsz80777, CSCsz36816, CSCsy86769, CSCsy08416, CSCsx52748, CSCsv40504, CSCtg63992, CSCtg06316, CSCtf20269, CSCti24526, CSCsm11264, CSCtb92911 CVE References: CVE-2009-5037 - CVE-2010-4670 - CVE-2010-4672 - CVE-2010-4673 - CVE-2010-4674 - CVE-2010-4675 - CVE-2010-4676 - CVE-2010-4677 - CVE-2010-4678 - CVE-2010-4679 - CVE-2010-4680 - CVE-2010-4681 - CVE-2010-4682 - CVE-2010-4688 - CVE-2010-4689 - CVE-2010-4690 - CVE-2010-4691 - CVE-2010-4692 Affected Versions - ----------------- Cisco ASA 5500 Series Adaptive Security Appliances versions 8.x Suggested action CCIRC recommends that organizations liaise with administrators of the affected products to assess exposure and apply vendor-recommended updates. Note: A list of open caveats which may affect certain environments can be found within the Release Notes referenced below. References - ---------- http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.pdf http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf http://www.vupen.com/english/advisories/2011/0130 http://securitytracker.com/alerts/2011/Jan/1024963.html Note to Readers The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security. For general information, please contact Public Safety Canada's Public Affairs division at: Telephone: 613-944-4875 or 1-800-830-3118 Fax: 613-998-9589 E-mail: communications@ps-sp.gc.ca ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================