Thursday, December 20, 2007 11:14 AM
cmosby
Cisco Firewall Services Module Denial of Service Vulnerability - Advisories - Secunia
Cisco Firewall Services Module Denial of Service Vulnerability
Secunia Advisory:
SA28175
Release Date:
2007-12-20
Critical:
Moderately critical
Impact:
DoS
Where:
From remote
Solution Status:
Vendor Workaround
Software:
Cisco Firewall Services Module (FWSM) 3.x
CVE reference:
CVE-2007-5584 (Secunia mirror)
Description:
A vulnerability has been reported in the Cisco Firewall Services Module (FWSM), which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error in the processing of data in the control-plane path with Layer 7 Application Inspections. This can be exploited to cause a crash and reload the FWSM via specially crafted network traffic.
The vulnerability is reported in FWSM System Software version 3.2(3).
Solution:
Update to FWSM software version 3.2(4) (available approximately 2007-12-31).
Apply vendor workaround (see vendor advisory for details).
Provided and/or discovered by:
Reported by the vendor.
Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20071219-fwsm.shtml
Source: Cisco Firewall Services Module Denial of Service Vulnerability - Advisories - Secunia
Filed under: Internet Applications, Security