Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Cisco Secure Content Accelerator vulnerable to SSL worm

From: Mike Caudill <mcaudill () cisco com>
Date: Fri, 4 Oct 2002 16:46:41 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



We can confirm the finding made by Matt Zimmerman <mdz () debian org> for all 
older releases of the Cisco Secure Content Accelerator software.

Cisco has released version 3.2.0.20 of Cisco Secure Content Accelerator 
software on September 27, 2002 which resolves the OpenSSL issue.

The new version of software is available to customers via our website at 

        http://www.cisco.com/cgi-bin/tablebuild.pl/cs-conacc

This problem has been documented in the Release-notes for version 3.2.0.20
online at:

        http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_sca/sca_320/v320b20.htm#xtocid13


- -Mike-




Product         : Cisco SCA 11000 Series Secure Content Accelerator
Product URL     : http://www.cisco.com/warp/customer/cc/pd/cxsr/ps2083/
CVE             : CAN-2002-0656
Software release: All current releases
Vendor status   : PSIRT and TAC notified 2002/09/17, last update 2002/09/24
Patch status    : No patch available



Attempts to exploit the vulnerability described in CAN-2002-0656 cause the
SCA 11000 (all tested software releases) to spontaneously reboot, resulting
in at least a denial of service.  This product incorporates code from an
older OpenSSL release, and thus shares the same vulnerability.  There is no
known means to work around this issue, short of disabling SSL services on
the system.



Cisco's Secure Content Accelerator is closely related to SonicWall's SSL
offloader product.  The SonicWall product was also vulnerable, and a
statement and fix were issued promptly:



http://www.sonicwall.com/support/security_advisories/security_advisory-openSSL.html



No official fix is as yet available from Cisco for this issue, and no
advisory has been released.  Impact is likely equivalent to impact on the
SonicWall product.



Cisco PSIRT publishes advisories here:



http://www.cisco.com/warp/public/707/advisory.html



-- 
 - mdz


- -- 
- ----------------------------------------------------------------------------
|      ||        ||       | Mike Caudill              | mcaudill () cisco com |
|      ||        ||       | PSIRT Incident Manager    | 919.392.2855       |
|     ||||      ||||      | DSS PGP: 0xEBBD5271       | 919.522.4931 (cell)|
| ..:||||||:..:||||||:..  | RSA PGP: 0xF482F607       ---------------------|
| C i s c o S y s t e m s | http://www.cisco.com/go/psirt                  |
- ----------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2

iQA/AwUBPZ3+GYpjyUnrvVJxEQIlbQCeP9Ce2M7rpVgGncXa67XLyUcFzNoAoN5p
8V8uMFPZKxJ10sHmkzOceYc9
=qOdy
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: