Gladiator Research and Security

GSA Reference Number: AD090909-01

Simply Put: Cisco has announced a new vulnerability in multiple Cisco products, including Cisco ASA and PIX appliances and routers.  The vulnerability covers a resource exhaustion issue with TCP connections, which causes a denial of service.  Some devices may need to be rebooted to fully recover.  This vulnerability is considered Critical by Gladiator. We will be reviewing all CoreDEFENSE-monitored Cisco ASA and PIX devices for susceptibility.

There have been reports of a new vulnerability in Microsoft Vista that would allow a local user to run code as System, which is an even higher privilege level than Administrator.  However, the user would have to be an Administrator to exploit the vulnerability, and the practical differences between Administrator and System are minimal.  So really, there is not much of a reason to be concerned.  If you see reports for an iphlpapi.dll Local Kernel Buffer Overflow, a Vista TCP/IP stack buffer overflow or a CreateIpForwardEntry2 this is the issue being referenced.  There is no need to panic.  In fact, Microsoft is not releasing an out-of-band patch for this issue, so they don’t believe it’s that critical.  Phion AG, the researcher group who found the vulnerability, has released a patch of its own, but we do not recommend you install it at this time.