Secunia

Description
Some vulnerabilities have been reported in Cisco ASA and PIX appliances, which can be exploited by malicious people to bypass certain security restrictions or to cause a DoS (Denial of Service).

1) An unspecified error exists in the Cisco ASA and Cisco PIX security appliances, which can be exploited to bypass authentication when the "override account" feature is enabled.

This vulnerability is reported in Cisco ASA and PIX software versions 7.1, 7.2, 8.0, and 8.1.

2) An unspecified error in the processing of HTTP packets can be exploited to cause a reload by sending a specially crafted SSL or HTTP packet to a Cisco ASA device that is configured to terminate SSL VPN connections or to an interface where ASDM access is enabled.

This vulnerability is reported in Cisco ASA software versions 8.0 and 8.1.

3) A memory leak in the processing of TCP packets can be exploited to cause a DoS by sending specially crafted TCP packets to a TCP-based service on an affected device.

This vulnerability is reported in Cisco ASA and Cisco PIX security appliances running versions 7.0, 7.1, 7.2, 8.0, and 8.1 with any of the following features enabled.

* SSL VPNs
* ASDM Administrative Access
* Telnet Access
* SSH Access
* Cisco Tunneling Control Protocol (cTCP) for Remote Access VPNs
* Virtual Telnet
* Virtual HTTP
* Transport Layer Security (TLS) Proxy for Encrypted Voice Inspection
* Cut-Through Proxy for Network Access
* TCP Intercept

4) An unspecified error in the H.323 inspection can be exploited to cause a reload of an affected device via specially crafted H.323 packets.

This vulnerability is reported in Cisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, 8.0, and 8.1.

5) An unspecified error in the SQL*Net inspection can be exploited to cause a reload of an affected device via specially crafted SQL*Net packets.

This vulnerability is reported in Cisco ASA and Cisco PIX software versions 7.2, 8.0, and 8.1.

6) An unspecified error can be exploited to bypass the implicit deny behavior when handling Access Control Lists.

This vulnerability is reported in Cisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, and 8.0.

Solution
Update to the fixed versions (please see the vendor advisory for patch information).

Provided and/or discovered by
3) The vendor credits Gregory W. MacPherson and Robert J. Combo from Verizon Business.
6) The vendor credits Jon Ramsey, Jeff Jarmoc, and Fernando Medrano from SecureWorks.

Original Advisory
http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area