
Posted on 02/11/2016 6:45:01 PM PST by Utilizer
Cisco has scrambled to fix a serious vulnerability in its Adaptive Security Appliances and Next-Generation Firewalls products which can be used to remotely take over and reboot the devices.
Unauthenticated remote attackers can exploit a bug in the internet key exchange (IKE) version 1 and 2 protocol code running on Cisco ASA software, and trigger a buffer overflow.
IKE is used to authenticate connections and to set up secure virtual private networks, landing on the firewalls.
Security researchers David Barksdale, Jordan Gruskovnjak and Alex Wheeler said the algorithm for reassembling fragmented IKE payloads "contain a bounds-checking flaw that allows a heap buffer to be overflowed with attacker-controlled data".
The vulnerability can be triggered through malformed user datagram protocol (UDP) packets, sent via IP versions 4 and 6 traffic.
(Excerpt) Read more at itnews.com.au ...
Don’t programmers debug their programs before they offer them to the public?
It sounds like it is a good thing to do, but apparently it is not one shared by the I.T. industry.
Grooooovy, man. Is it an interpretation of a Cisco Firewall?
No. Just a graphic I found on the internet. I increased the length about ten times and animated it.
Don’t encourage it, mate.
Too bad they don’t still go by PIX.