----------------------------------------------------------------------

TITLE:
Cisco Catalyst Content Switching Modules Denial of Service
Vulnerabilities

SECUNIA ADVISORY ID:
SA26724

VERIFY ADVISORY:
http://secunia.com/advisories/26724/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
Cisco Catalyst Content Switching Module with SSL (CSM-S) 2.x
http://secunia.com/product/15617/
Cisco Catalyst Content Switching Module (CSM) 4.x
http://secunia.com/product/15616/

DESCRIPTION:
Two vulnerabilities have been reported in the Cisco Catalyst Content
Switching Modules (CSM) and Cisco Catalyst Content Switching Module
with SSL (CSM-S), which can be exploited by malicious people to cause
a DoS (Denial of Service).

1) An unspecified error exists when processing certain TCP packets
that were received out of order. This can be exploited to cause a
high CPU load or a device reload due to an FPGA4 exception with
icp.fatPath length error by sending specially crafted TCP packets to
a vulnerable system.

2) An unspecified error exists within the "service termination"
option, which can be exploited to cause a PGA4 exception 1 IDLE error
under a high network load by sending specially crafted TCP packets to
a vulnerable system.

Vulnerability #1 is reported in CSM 4.2 prior to 4.2.3a and CSM-S
2.1 prior to 2.1.2a. Vulnerability #2 is reported in CSM 4.2 prior to
4.2.7 and CSM-S 2.1 prior to 2.1.6.
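
The affected-version ranges above can be checked against an inventory with a small script. This is an added example, not part of the Secunia or Cisco advisory; the hostnames, the sample versions, the acceptance of the parenthesised form "4.2(3a)" and the ordering of letter suffixes are assumptions.

```python
import re

# First fixed release per vulnerability, exactly as stated in the advisory text.
# Key: (product, release train); value: {vulnerability number: fixed version}.
FIXED = {
    ("CSM", (4, 2)): {1: "4.2.3a", 2: "4.2.7"},
    ("CSM-S", (2, 1)): {1: "2.1.2a", 2: "2.1.6"},
}

# Accepts the dotted form used above ("4.2.3a") and, as an assumption,
# the parenthesised form "4.2(3a)".
_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.(\d+)([a-z]?)|\((\d+)([a-z]?)\))")


def parse_version(text):
    """Return a comparable tuple (major, minor, maintenance, letter)."""
    m = _VERSION.fullmatch(text.strip().lower())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    maint, letter = (m[3], m[4]) if m[3] is not None else (m[5], m[6])
    # Assumed ordering: 4.2.3 < 4.2.3a < 4.2.4 ("" sorts before "a").
    return (int(m[1]), int(m[2]), int(maint), letter)


def exposure(product, version):
    """List the vulnerability numbers (1, 2) the release is still open to.

    Returns None when the advisory does not list that release train.
    """
    parsed = parse_version(version)
    fixes = FIXED.get((product.strip().upper(), parsed[:2]))
    if fixes is None:
        return None
    return sorted(n for n, fixed in fixes.items() if parsed < parse_version(fixed))


# Constructed inventory (hostnames and versions are made up for the example).
INVENTORY = [
    ("switch-a", "CSM", "4.2.3"),
    ("switch-b", "CSM", "4.2(3a)"),
    ("switch-c", "CSM-S", "2.1.6"),
    ("switch-d", "CSM", "4.1.9"),
]

if __name__ == "__main__":
    for host, product, version in INVENTORY:
        result = exposure(product, version)
        status = "train not listed in advisory" if result is None else (
            f"open to #{', #'.join(map(str, result))}" if result else "fixed")
        print(f"{host:10} {product:6} {version:9} {status}")
```

A result of None means only that this advisory makes no statement about that release train; check the vendor advisory before treating such a release as unaffected.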

SOLUTION:
Apply updated versions. See vendor advisory for details.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.cisco.com/en/US/products/products_security_advisory09186a00808b4d3b.shtml

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

----------------------------------------------------------------------