Gladiator Research and Security

GSA Reference Number: AD081024-01

Simply Put: Cisco has announced three vulnerabilities in Cisco ASA and PIX devices.  The vulnerabilities cover Windows NT Domain authentication, IPv6, and the Crypto Accelerator. Gladiator will be reviewing all monitored client Cisco devices to determine what IOS version they are running.  If a device is out of date, it will be updated.

Attack Details:

Cisco’s Security Advisory includes three seperate vulnerabilities:

• Windows NT Domain Authentication Bypass Vulnerability – this vulnerability could lead to a VPN authentication bypass if the device is using Windows NT authentication.  Typical authentication methods include LDAP and RADIUS.
• IPv6 Denial of Service Vulnerability – This vulnerability only affects devices setup for IPv6.  If the device is only running IPv4 services it is not vulnerable.
• Crypto Accelerator Memory Leak Vulnerability – This vulnerability only affects ASA 5500 devices running version 8 of the Cisco IOS.  PIX devices are not affected.  This vulnerability affects the availability of the device and could cause a denial of service.

Countermeasures: Cisco has released IOS patches for each of the vulnerabilities listed above. Do not attempt applying these updates this without assistance from your network support vendor, if applicable.  Gladiator customer devices affected by this vulnerability will be patched.

Reference Links:

• Cisco Security Advisory Bundle (http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml)
• Secunia Crypto Accelerator Advisory (http://secunia.com/Advisories/32392/)
• Secunia VPN Authentication Bypass Advisory (http://secunia.com/Advisories/32360/)
• Secunia IPv6 Denial of Service Advisory (http://secunia.com/Advisories/32391/)