Multiple Vulnerabilities in Cisco ASA 5500 Series

Cisco ASA 5500 Series Adaptive Security Appliances are affected by the following vulnerabilities:

* TCP Connection Exhaustion Denial of Service Vulnerability
* Session Initiation Protocol (SIP) Inspection Denial of Service Vulnerabilities
* Skinny Client Control Protocol (SCCP) Inspection Denial of Service Vulnerability
* WebVPN Datagram Transport Layer Security (DTLS) Denial of Service Vulnerability
* Crafted TCP Segment Denial of Service Vulnerability
* Crafted Internet Key Exchange (IKE) Message Denial of Service Vulnerability
* NT LAN Manager version 1 (NTLMv1) Authentication Bypass Vulnerability

These vulnerabilities are not interdependent; a release that is affected by one vulnerability is not necessarily affected by the others.

There are workarounds for some of the vulnerabilities disclosed in this advisory.

Cisco has released free software updates that address these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml

Multiple Vulnerabilities in Cisco IronPort Encryption Appliance

Cisco IronPort Encryption Appliance devices contain two vulnerabilities that allow remote, unauthenticated access to any file on the device and one vulnerability that allows remote, unauthenticated users to execute arbitrary code with elevated privileges. There are workarounds available to mitigate these vulnerabilities.

Vulnerable Products

The following Cisco IronPort Encryption Appliance versions are affected by these vulnerabilities:

* Cisco IronPort Encryption Appliance 6.5 versions prior to 6.5.2
* Cisco IronPort Encryption Appliance 6.2 versions prior to 6.2.9.1
* Cisco IronPort PostX MAP versions prior to 6.2.9.1

The version of software that is running on a Cisco IronPort Encryption Appliance is located on the About page of the Cisco IronPort Encryption Appliance administration interface.

Products Confirmed Not Vulnerable

Cisco IronPort C, M, and S-Series appliances are not affected by these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100210-ironport.shtml.

Riverbed bundles Microsoft Server in its WAN optimization appliances

Networkworld

Riverbed will sell Microsoft’s Windows Server bundled with its WAN optimization devices as a way to simplify purchasing for its customers.

The server will run on the Riverbed Service Platform (RSP), a partition of Riverbed’s Steelhead WAN optimization appliances that can support five VMware virtual machines per appliance. This would have been possible without the OEM agreement between Riverbed and Microsoft, but customers would have been required to deal with both vendors.
