SANS ISC: InfoSec Handlers Diary Blog - Cisco security advisory overview


Cisco security advisory overview

Published: 2008-03-26
Last Updated: 2008-03-27 13:25:45 UTC
by Swa Frantzen (Version: 1)

Cisco today released its first combined six-monthly batch of security advisories.

A quick overview might help in prioritizing your actions.

| Advisory | CVEs | Cisco's CVSS 2.0 base score | Impact |
|---|---|---|---|
| PPTP: Multiple vulnerabilities in virtual private dial up network (VPDN) when PPTP is used lead to Denial of Service. | CVE-2008-1151, CVE-2008-1150 | 7.1, 4.3 | DoS |
| DLSw: Multiple vulnerabilities in the Data-link Switching (DLSw) feature when processing UDP or IP protocol 91 packets lead to Denial of Service. DLSw is used to carry SNA and NetBIOS over IP. | CVE-2008-1152 | 7.8 | DoS |
| IPv4IPv6: Dual stack (IPv4 and IPv6) routers have a vulnerability when targeted with crafted IPv6 UDP packets in certain conditions. | CVE-2008-1153 | 7.8 | DoS |
| queue: Certain Catalyst 6500 and Cisco 7600 devices are vulnerable to a DoS attack when configured for OSPF and MPLS VPNs. | CVE-2008-0537 | 7.8 | DoS |
| mvpn: Cisco's implementation of Multicast Virtual Private Network (MVPN) is vulnerable to extra multicast state creation. [MVPN supports multicast traffic in an MPLS VPN.] | CVE-2008-1156 | 7.5 | Extra multicast states can be created, resulting, among other things, in a potential for leaking multicast traffic from one MPLS VPN to another. Note: MPLS VPNs do not use encryption, they only separate the data. |

For support and to obtain fixed software, please refer to your support contracts, third party support or Cisco's TAC as appropriate.

Cisco provides a CVSS calculator.

--
Swa Frantzen -- Gorilla Security

Keywords: cisco