nanog mailing list archives
Re: Possible Sudden Uptick in ASA DOS?
From: Dario Ciccarone <dciccaro () cisco com>
Date: Wed, 08 Jul 2015 14:01:56 -0400
NANOG members: Hi there. This is Dario Ciccarone from the Cisco PSIRT - the Product Security Incident Response Team. This is to acknowledge we're aware of this issue, and we're working with all the appropriate parties. Indeed, it seems the culprit is Cisco bug ID CSCul36176 - which was released as part of the Cisco Security Advisory "Multiple Vulnerabilities in Cisco ASA Software ", which was published on October 8th, 2014. The full advisory is available at the following URL: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa As I said, the Cisco PSIRT is working with the Cisco Technical Assistance Center on this matter, and we're analyzing the available information. The advisory will be updated to reflect the fact we're seeing active exploitation of this issue. NANOG members are welcome to contact us at psirt () cisco com if they have any additional questions or concerns, or any information relevant to this issue. Thanks, Dario On 7/8/15 12:58 PM, Mark Mayfield wrote:
Come in this morning to find one failover pair of ASA's had the primary crash and failover, then a couple hours later, the secondary crash and failover, back to the primary. Another pair running the same code had the primary crash and fail in the same time window. So, three crashes in 4 hours in our environment. Open a TAC case on one of these for post-mortem analysis, and they interpreted the crash dump to point at a DOS bug first published in Oct. The very interesting thing; on the phone the TAC engineer said this was "the 10th one of these I've dealt with this morning". Here's the bug they reference: https://tools.cisco.com/bugsearch/bug/CSCul36176/?reffering_site=dumpcr Anyone else have observations to add on this? Mark Mayfield City of Roseville - AS 54371 Network Systems Engineer 2660 Civic Center Drive Roseville, MN 55113 651-792-7098 Office
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: Possible Sudden Uptick in ASA DOS?, (continued)
- Re: Possible Sudden Uptick in ASA DOS? Paul Hoogsteder (Jul 10)
- Re: Possible Sudden Uptick in ASA DOS? Eddie Tardist (Jul 10)
- Re: Possible Sudden Uptick in ASA DOS? Christoph Blecker (Jul 10)
- Re: Possible Sudden Uptick in ASA DOS? Eddie Tardist (Jul 10)
- Re: Possible Sudden Uptick in ASA DOS? Paul Ferguson (Jul 10)
- RE: Possible Sudden Uptick in ASA DOS? Mark Mayfield (Jul 08)
- Re: Possible Sudden Uptick in ASA DOS? Roland Dobbins (Jul 08)
- Re: Possible Sudden Uptick in ASA DOS? Todd Williams (Jul 08)