Multiple Vulnerabilities in Cisco Firewall Services Module

2012-10-10T16:00:00
ID CISCO-SA-20121010-FWSM
Type cisco
Reporter Cisco
Modified 2012-10-10T14:28:46

Description

DCERPC is a protocol that is widely used by Microsoft distributed client and server applications that allows software clients to remotely execute programs on a server.

A vulnerability exists in the DCERPC inspection engine that would allow an unauthenticated, remote attacker to cause a reload of the affected system or to overflow the stack and possibly execute arbitrary commands. The vulnerability is due to insufficient validation of DCERPC packets within a valid DCERPC session. An attacker could exploit this vulnerability by sending a crafted DCERPC packet that needs to be inspected by the affected system.

DCERPC is a protocol widely used by Microsoft distributed client and server applications that allows software clients to execute programs on a server remotely.

A vulnerability exists in the code of the DCERPC inspection feature of Cisco ASA that would allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper validation of DCERPC packets within a valid DCERPC session. An attacker could exploit this vulnerability by sending a crafted packet to the affected system.

DCERPC is a protocol widely used by Microsoft distributed client and server applications that allows software clients to execute programs on a server remotely.

A vulnerability exists in the code of the DCERPC inspection feature that would allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper validation of DCERPC packets within a valid DCERPC session. An attacker could exploit this vulnerability by sending a crafted packet to the affected system.

The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by the following vulnerabilities:

DCERPC Inspection Buffer Overflow Vulnerability

DCERPC Inspection Denial Of Service Vulnerabilities

These vulnerabilities are not interdependent; a release that is affected by one vulnerability is not necessarily affected by the other.

Exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to trigger a reload of the affected device, or to execute arbitrary commands. Repeated exploitation could result in a denial of service (DoS) condition.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-fwsm["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-fwsm"]

Note: The Cisco Catalyst 6500 Series ASA Services Module, and the Cisco ASA 5500 Series Adaptive Security Appliance may also be affected by these vulnerabilities.

The vulnerabilities affecting the Cisco Catalyst 6500 Series ASA Services Module and Cisco ASA 5500 Series Adaptive Security Appliance have been disclosed in a separate Cisco Security Advisory. The Advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-asa["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-asa"]