July, 2008:

Internet Key Exchange Resource Exhaustion Attack

This is a Cisco PSIRT response to an advisory published by an unaffiliated third party, Roy Hills of NTA Monitor Ltd, posted as of July 26, 2006 at http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html and entitled "Cisco VPN Concentrator IKE resource exhaustion DoS".

URL: http://www.cisco.com/en/US/products/products_security_response09186a00806f33d4.html

Increased Threat for DNS Spoofing Vulnerability – 7/25/2008

Microsoft Security Advisory (956187): Increased Threat for DNS Spoofing Vulnerability – 7/25/2008

Revision Note: July 25, 2008: Advisory published.

Advisory Summary: Microsoft released Microsoft Security Bulletin MS08-037, Vulnerabilities in DNS Could Allow Spoofing (953230), on July 8, 2008, offering security updates to protect customers against Windows Domain Name System (DNS) spoofing attacks. Microsoft released this update in coordination with other DNS vendors who were also similarly impacted. Since the coordinated release of these updates, the threat to DNS systems has increased due to a greater public understanding of the attacks, as well as detailed exploit code being published on the Internet.

URL: http://www.microsoft.com/technet/security/advisory/956187.mspx

DNS and Security Gurus Shed Light on Recent CERT Advisory and Other Threats to DNS Infrastructure

Infoblox Inc. today announced that it will host a webinar to explain the potential impacts of the new DNS security flaw recently publicized by CERT.

URL: http://feedproxy.google.com/~r/InfobloxNewsFeed/~3/KtlU9pdgXDU/release.cfm

Seeing the green

Troon Golf, with 190 courses in 32 states, found a more efficient and cost-effective way to link its links, reports Greg Masters.

URL: http://www.scmagazineus.com/Seeing-the-green/article/111433/

Fifth Third Bank Deploys Infoblox For Essential DNS and DHCP Services

Infoblox Inc. today announced that Cincinnati-based Fifth Third Bank has deployed Infoblox appliances company-wide for delivery of core network services.

URL: http://feedproxy.google.com/~r/InfobloxNewsFeed/~3/2-KwkDMn-vA/release.cfm

Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers

A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability, it must also have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability, an offending IPv6 packet must be targeted to the device. Packets that are routed through the router cannot trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is the Resource Reservation Protocol (RSVP) service, which, if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.

URL: http://www.cisco.com/en/US/products/products_security_advisory09186a008096986d.shtml

Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability

Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution.

URL: http://www.cisco.com/en/US/products/products_security_advisory09186a0080969862.shtml

Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720

Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that run branches of Cisco IOS based on 12.2 can be vulnerable to a denial of service vulnerability that can prevent any traffic from entering an affected interface. For a device to be vulnerable, it must be configured for Open Shortest Path First (OSPF) Sham-Link and Multi Protocol Label Switching (MPLS) Virtual Private Networking (VPN). This vulnerability only affects Cisco Catalyst 6500 Series or Catalyst 7600 Series devices with the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720) or Route Switch Processor 720 (RSP720) modules. The Supervisor 32, Supervisor 720, Supervisor 720-3B, Supervisor 720-3BXL, Route Switch Processor 720, Route Switch Processor 720-3C, and Route Switch Processor 720-3CXL are all potentially vulnerable.

URL: http://www.cisco.com/en/US/products/products_security_advisory09186a0080969882.shtml

Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak

This Applied Mitigation Bulletin is a companion document to the PSIRT Security Advisory Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak and provides identification and mitigation techniques that administrators can deploy on Cisco network devices.

URL: http://www.cisco.com/en/US/products/products_security_advisory09186a0080969868.shtml

Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform – 7/2/2008

Microsoft Security Advisory (953818): Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform – 7/2/2008

Revision Note: July 2, 2008: Updated the Suggested Actions.

Advisory Summary: Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default; it must be installed independently or through the Apple Software Update application. Customers running Safari on Windows should review this advisory.

URL: http://www.microsoft.com/technet/security/advisory/953818.mspx

SNMP Version 3 Authentication Vulnerabilities

Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default in Cisco products. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.

URL: http://www.cisco.com/en/US/products/products_security_advisory09186a00809ac83b.shtml