Description
Two vulnerabilities were found in Cisco Catalyst Content Switching Modules (CSM) and Cisco Catalyst Content Switching Module with SSL (CSM-S). The first vulnerability exists when processing TCP packets, and the second vulnerability affects devices with service termination enabled.
Vulnerability 1: An unspecified error exists when processing certain
TCP packets that were received out of order. This can be exploited
to cause a high CPU load or a device reload due to an FPGA4 exception
with icp.fatPath length error by sending specially crafted TCP packets
to a vulnerable system.
Vulnerability 2: An unspecified error exists within the "service
termination" option, which can be exploited to cause a PGA4
exception 1 IDLE error under a high network load by sending specially
crafted TCP packets to a vulnerable system.
Product affected
Vulnerability 1 affects CSM with software version 4.2 prior to 4.2.3a and CSM-S with software version 2.1 prior to 2.1.2a.
Vulnerability 2 affects CSM with software version 4.2 prior to 4.2.7 and CSM-S with software version 2.1 prior to 2.1.6.
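The affected ranges above can be checked against a module inventory. The following is an added example, not part of the original advisory or Cisco's tooling: it assumes versions are written in the dotted form used on this page (for example 4.2.3a), that a letter suffix sorts after the bare maintenance number, and that only the 4.2 (CSM) and 2.1 (CSM-S) trains are in scope. The hostnames and inventory are constructed.

```python
import re

# Affected ranges as stated in the advisory: product -> (train, first fixed release).
AFFECTED = {
    "Vulnerability 1": {"CSM": ("4.2", "4.2.3a"), "CSM-S": ("2.1", "2.1.2a")},
    "Vulnerability 2": {"CSM": ("4.2", "4.2.7"), "CSM-S": ("2.1", "2.1.6")},
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+)([a-z]?))?$")


def parse_version(text):
    """Turn '4.2.3a' into (4, 2, 3, 'a') and '4.2' into (4, 2, 0, '')."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, maint, suffix = m.groups()
    # Assumption: '' sorts before 'a', so 4.2.3 is older than 4.2.3a.
    return (int(major), int(minor), int(maint or 0), suffix or "")


def exposures(product, version):
    """Return the advisory's vulnerabilities that apply to this module."""
    v = parse_version(version)
    hits = []
    for name, products in AFFECTED.items():
        if product not in products:
            continue
        train, fixed = products[product]
        same_train = v[:2] == parse_version(train)[:2]
        if same_train and v < parse_version(fixed):
            hits.append(name)
    return hits


# Constructed inventory (hypothetical hostnames and versions).
INVENTORY = [
    ("core-sw1", "CSM", "4.2.3"),
    ("core-sw2", "CSM", "4.2.3a"),
    ("core-sw3", "CSM", "4.2.7"),
    ("edge-sw1", "CSM-S", "2.1.2"),
    ("edge-sw2", "CSM-S", "2.1.6"),
]

if __name__ == "__main__":
    for host, product, version in INVENTORY:
        print(host, product, version, exposures(product, version) or "not affected")
```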
Solution
Apply patches:
Registered customers can obtain fixed software for the CSM from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cat6000-csm?psrtdcat20e2
Registered customers can obtain fixed software for the CSM-S from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cat6000-csms?psrtdcat20e2
Source
Cisco