SecurityTracker.com
Category: Device (Embedded Server/Appliance) > Cisco ASA
Vendors: Cisco
Cisco ASA Bugs Let Remote Users Bypass LDAP Authentication and Deny Service
SecurityTracker Alert ID: 1017995
SecurityTracker URL: http://securitytracker.com/id/1017995
CVE Reference: CVE-2007-2462
Updated: May 13 2008
Original Entry Date: May 2 2007
Impact: Denial of service via network, Host/resource access via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 7.1 prior to 7.1(2)49, 7.2 prior to 7.2(2)19
Description:   Several vulnerabilities were reported in Cisco ASA. A remote user can bypass LDAP authentication. A remote user can cause denial of service conditions.

A remote user can bypass authentication on devices that use LDAP AAA servers for authenticating L2TP IPSec tunnels or remote management sessions. Devices configured to use LDAP in conjunction with CHAP, MS-CHAPv1, or MS-CHAPv2 for authenticating L2TP IPSec tunnels are affected.

A remote user can bypass authentication on devices that use LDAP AAA servers for authenticating management sessions.

Cisco has assigned Cisco Bug ID CSCsh42793 to this vulnerability.

A remote user with knowledge of an IPSec VPN group name and group password can deny service to the VPN tunnel when configured with password expiry. The target device may reload.

A remote user can deny service to an SSL VPN tunnel when configured with password expiry. The target device may reload.

Cisco has assigned Cisco Bug ID CSCsh81111 to this vulnerability.

A remote user can exploit a race condition in the processing of non-standard SSL sessions to cause the target device to reload. Cisco has assigned Cisco Bug ID CSCsi16248 to this vulnerability.

These vulnerabilities were reported to Cisco by Cisco customers.

Impact:   A remote user may be able to access the internal network or the target device.

A remote user can disconnect VPN users, prevent new connections, prevent the device from transmitting traffic, or cause the device to reload.

Solution:   Cisco has issued fixed versions (7.1(2)49, 7.2(2)19).

The Cisco advisory is available at:

http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml
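
As an added example (not part of the SecurityTracker entry or of Cisco's advisory), the following Python triages a device against the fixed builds listed above and flags whether an LDAP AAA server group is configured. The `show version` banner wording, the `aaa-server <name> protocol ldap` configuration line, the constructed sample inputs, and the numeric ordering of builds by their four components are assumptions.

```python
import re

# Fixed builds named in the alert, keyed by release train (major, minor).
FIXED = {(7, 1): (7, 1, 2, 49), (7, 2): (7, 2, 2, 19)}

# Assumed banner format, e.g. "... Software Version 7.2(2)19".
VERSION_RE = re.compile(r"Software Version (\d+)\.(\d+)\((\d+)\)(\d*)")
# Assumed config line that declares an LDAP AAA server group.
LDAP_RE = re.compile(r"^aaa-server \S+ protocol ldap\s*$", re.MULTILINE)

# Constructed sample inputs, not taken from a real device.
SAMPLE_VERSION = "Cisco Adaptive Security Appliance Software Version 7.2(2)\n"
SAMPLE_CONFIG = "hostname asa-lab\naaa-server LDAP_SRV protocol ldap\n"


def parse_version(show_version):
    """Return (major, minor, maintenance, interim), or None if not found."""
    m = VERSION_RE.search(show_version)
    if m is None:
        return None
    major, minor, maint, interim = m.groups()
    # A release without an interim build, such as 7.2(2), sorts as interim 0.
    return int(major), int(minor), int(maint), int(interim or 0)


def triage(show_version, running_config=""):
    """Classify a device against the version ranges given in the alert."""
    version = parse_version(show_version)
    if version is None:
        return "unknown"
    fixed = FIXED.get(version[:2])
    # Trains other than 7.1 and 7.2 are not listed in the alert.
    if fixed is None or version >= fixed:
        return "not-in-listed-range"
    # The authentication bypass applies only where LDAP AAA servers are used.
    if LDAP_RE.search(running_config):
        return "affected-build-ldap-configured"
    return "affected-build"


if __name__ == "__main__":
    print(triage(SAMPLE_VERSION, SAMPLE_CONFIG))
```

A result of `affected-build` still leaves the password-expiry and SSL session issues to review, since those do not depend on LDAP.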

Vendor URL: www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml
Cause:   Authentication error, Exception handling error, State error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Wed, 2 May 2007 13:07:19 -0400
Subject:  Cisco Security Advisory: LDAP and VPN Vulnerabilities in PIX and ASA Appliances


http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml

 
 



Copyright 2014, SecurityGlobal.net LLC