科技回声

7 条评论

silenteh超过 9 年前

Here a nice explanation of the vulnerability: <a href="https://blog.exodusintel.com/2016/02/10/firewall-hacking/" rel="nofollow">https://blog.exodusintel.com/2016/02/10/firewall-hacking/</a>There is also a Snort signature to detect attempts to exploit this vulnerability.

评论 #11094658 未加载

madsushi超过 9 年前

Cisco was also rushed to release the fix, as all of the new builds are tagged 'interim' and warn users that they have bugs and stability problems that will be fixed later. Most notably, several issues with ASA Clustering were found in the new builds. So you're damned if you do, damned if you don't.

tyingq超过 9 年前

Edit...this is wrong-> It's specific to Cisco ASA firewalls with a version level < 9.1(7), which was released in January of 2015.Edit: Gelob, below, is right. There's a really unfortunate "read more" link that hides the important bits on Cisco's documentation and caused my confusion.

评论 #11094098 未加载

评论 #11094081 未加载

achillean超过 9 年前

Here's an overview of devices that are running IKE on the Internet at the moment: <a href="https://www.shodan.io/report/h2Naw1fd" rel="nofollow">https://www.shodan.io/report/h2Naw1fd</a>

xyzzy4超过 9 年前

As someone who used to work at Cisco, I'm not surprised. Everything is coded in C, and there are memory leaks all over the place because releases are made before most of these bugs are fixed.

virtualwhys超过 9 年前

> Note: Only traffic directed to the affected system can be used to exploit this vulnerability.I'm confused, how else would the system be compromised, by directing traffic at the moon?Running an EOL ASA in colo on v8.2. Have been holding out due to the post-v8.2 changes to NAT. Looks like you need a SmartNET contract to get the fix, unfortunate, many legacy devices will left vulnerable as a result.Well, there goes the weekend...

评论 #11096323 未加载

评论 #11095826 未加载

评论 #11097742 未加载

评论 #11095852 未加载

评论 #11096138 未加载

SpyKiIIer超过 9 年前

Rackspace pushed this update to all their clients last night, as they have seen this attack against some of their infrastructure...

7 条评论

silenteh超过 9 年前

评论 #11094658 未加载

madsushi超过 9 年前

tyingq超过 9 年前

评论 #11094098 未加载

评论 #11094081 未加载

achillean超过 9 年前

Here's an overview of devices that are running IKE on the Internet at the moment: <a href="https://www.shodan.io/report/h2Naw1fd" rel="nofollow">https://www.shodan.io/report/h2Naw1fd</a>

xyzzy4超过 9 年前

As someone who used to work at Cisco, I'm not surprised. Everything is coded in C, and there are memory leaks all over the place because releases are made before most of these bugs are fixed.

virtualwhys超过 9 年前

评论 #11096323 未加载

评论 #11095826 未加载

评论 #11097742 未加载

评论 #11095852 未加载

评论 #11096138 未加载

SpyKiIIer超过 9 年前

Rackspace pushed this update to all their clients last night, as they have seen this attack against some of their infrastructure...

Cisco buffer overflow vulnerability with remote code execution

7 条评论

Cisco buffer overflow vulnerability with remote code execution

7 条评论