Vulnerabilities > CVE-2008-3817 - Resource Management Errors vulnerability in Cisco products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets, related to the "initialization code for the hardware crypto accelerator."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 3 |
Common Weakness Enumeration (CWE)
Oval
| accepted | 2008-12-08T04:00:54.883-05:00 | ||||
| class | vulnerability | ||||
| contributors |
| ||||
| description | Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets, related to the "initialization code for the hardware crypto accelerator." | ||||
| family | pixos | ||||
| id | oval:org.mitre.oval:def:5597 | ||||
| status | accepted | ||||
| submitted | 2008-05-26T11:06:36.000-04:00 | ||||
| title | Cisco ASA and PIX Crypto Accelerator Memory Leak Vulnerability | ||||
| version | 2 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 31865 CVE(CAN) ID: CVE-2008-3817 Cisco自适应安全设备(ASA)是可提供安全和VPN服务的模块化平台。 如果向Cisco ASA安全设备发送了一系列特制报文的话,就可能在硬件加密加速器的初始化代码中触发内存泄露,导致拒绝服务的情况。仅有发送到设备而不是经过设备的报文才可以触发这个漏洞。 Cisco ASA 8.1 Cisco ASA 8.0 Cisco ----- Cisco已经为此发布了一个安全公告(cisco-sa-20081022-asa)以及相应补丁: cisco-sa-20081022-asa:Multiple Vulnerabilities in Cisco PIX and Cisco ASA 链接:<a href=http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml target=_blank>http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml</a> 补丁下载: <a href=http://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2 target=_blank>http://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2</a> |
| id | SSV:4286 |
| last seen | 2017-11-19 |
| modified | 2008-10-23 |
| published | 2008-10-23 |
| reporter | Root |
| title | Cisco ASA设备加密加速器内存破坏拒绝服务漏洞 |
References
- http://secunia.com/advisories/32392
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml
- http://www.securityfocus.com/bid/31865
- http://www.securitytracker.com/id?1021088
- http://www.vupen.com/english/advisories/2008/2899
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46027
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5597