Cisco Alert


For those of you playing along at home who also have to have an ASA running 8.0 or 8.1 code, pay attention. The rest of you, go about your business. Move along, nothing to see here...

Cisco recently announced a flaw in ASA 8.0 and 8.1 code that can force the device to reload itself if a specially formed HTTP packet passes through it while SSL VPN is in use. There are a couple of other conditions, but from what I've read they're all pretty non-standard configurations.

The moral of the story - keep your code up to date.

There's also a paper being released at Black Hat Europe next week that will supposedly reveal a fundamental flaw in BGP and MPLS of a comparable seriousness to Kaminsky's DNS exploit of several months ago. So all those of you who run BGP (yeah yeah I know, no one who runs BGP is going to be reading the blog of little old me), heads up.


There has been some speculation that the BGP and MPLS flaws that will be demonstrated are 'old news' to the BGP running community (and of the form of, "if I take control of your router, I can do stuff to BGP and MPLS that is kind of sneaky").

It will be interesting to see what actually is going to be presented, though.

Yeah, I heard a similar analysis from one of our CCIEs. I'm looking forward to reading the paper though - BGP is just sort of inherently cool.

About this Entry

This page contains a single entry by Philip Ratzsch published on April 9, 2009 8:11 PM.
