CVE-2009-1159 (GCVE-0-2009-1159)

Vulnerability from cvelistv5 – Published: 2009-04-09 15:00 – Updated: 2024-08-07 05:04

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

FKIE_CVE-2009-1159

Vulnerability from fkie_nvd - Published: 2009-04-09 15:08 - Updated: 2026-04-23 00:35

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://osvdb.org/53446
psirt@cisco.com	http://secunia.com/advisories/34607
psirt@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml	Patch, Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/34429
psirt@cisco.com	http://www.securitytracker.com/id?1022015
psirt@cisco.com	http://www.vupen.com/english/advisories/2009/0981
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/53446
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34607
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34429
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022015
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0981

Impacted products

Vendor	Product	Version
cisco	adaptive_security_appliance_5500	7.2
cisco	adaptive_security_appliance_5500	8.0
cisco	adaptive_security_appliance_5500	8.1
cisco	pix	7.2
cisco	pix	8.0
cisco	pix	8.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97290344-5440-4797-9668-AA1050E87C41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AB1C21E-6A68-4851-BCFC-12E8E5BE9610",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FC14168-91A7-4D42-9CEA-09AAA3BBE2B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "85B161D0-D78B-4517-88AC-3A110F13C154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35649F68-BD09-4684-925D-620D99B42CE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32C602C-E278-4DA2-B7D0-941FABA9ADC0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no espec\u00edfica en Cisco Adaptive Security Appliances (ASA) 5500 Series y PIX Security Appliances v7.2 anteriores a v7.2(4)26, v8.0 anteriores a v8.0(4)22, y v8.1 anteriores a v8.1(2)12, cuando la inspecci\u00f3n SQL*Net est\u00e1 activada, permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (rastreo y recarga del dispositivo) a trav\u00e9s de series de paquetes SQL*Net."
    }
  ],
  "id": "CVE-2009-1159",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-09T15:08:35.780",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://osvdb.org/53446"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://secunia.com/advisories/34607"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/34429"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id?1022015"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.vupen.com/english/advisories/2009/0981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/53446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34429"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0981"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-200904-0284

Vulnerability from variot - Updated: 2025-04-10 23:03

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQLNet inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQLNet packets. Remote attackers can exploit these issues to cause an affected device to reload, to force network traffic to bypass ACL rules, or to gain unauthorized access to an affected device. Successful exploits may facilitate further attacks. These issues are documented by the following Cisco Bug IDs: CSCsx47543 further documents the issue tracked by CVE-2009-1155. CSCsv52239 further documents the issue tracked by CVE-2009-1156. CSCsy22484 further documents the issue tracked by CVE-2009-1157. CSCsx32675 further documents the issue tracked by CVE-2009-1158. CSCsw51809 further documents the issue tracked by CVE-2009-1159. CSCsq91277 further documents the issue tracked by CVE-2009-1160. This security advisory outlines the details of these vulnerabilities:

VPN Authentication Bypass when Account Override Feature is Used vulnerability
Crafted HTTP packet denial of service (DoS) vulnerability
Crafted TCP Packet DoS vulnerability
Crafted H.323 packet DoS vulnerability
SQL*Net packet DoS vulnerability
Access control list (ACL) bypass vulnerability

Workarounds are available for some of the vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml.

Affected Products

Vulnerable Products +------------------

The following is a list of the products affected by each vulnerability as described in detail within this advisory.

Note: The Override Account Disabled feature was introduced in Cisco ASA software version 7.1(1). This feature is disabled by default. Only Cisco ASA software versions 8.0 and 8.1 are affected by this vulnerability. H.323 inspection is enabled by default. Cisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, 8.0, and 8.1 are affected by this vulnerability. SQL*Net inspection is enabled by default. Cisco ASA and Cisco PIX software versions 7.2, 8.0, and 8.1 are affected by this vulnerability. Cisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, and 8.0 are affected by this vulnerability.

Determination of Software Versions +---------------------------------

The "show version" command-line interface (CLI) command can be used to determine whether a vulnerable version of the Cisco PIX or Cisco ASA software is running. The following example shows a Cisco ASA Adaptive Security Appliance that runs software version 8.0(4):

ASA#show version

    Cisco Adaptive Security Appliance Software Version 8.0(4)
    Device Manager Version 6.0(1)

<output truncated>

The following example shows a Cisco PIX security appliance that runs software version 8.0(4):

PIX#show version

Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 5.2(3)

<output truncated>

Customers who use Cisco ASDM to manage their devices can find the software version displayed in the table in the login window or in the upper left corner of the ASDM window.

Products Confirmed Not Vulnerable +--------------------------------

The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers and Cisco VPN 3000 Series Concentrators are not affected by any of these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities.

Details

This Security Advisory describes multiple distinct vulnerabilities. These vulnerabilities are independent of each other. However, the user must provide the correct credentials in order to login to the VPN.

Note: The override account feature was introduced in Cisco ASA software version 7.1(1).

The override account feature is enabled with the "override-account-disable" command in "tunnel-group general-attributes" configuration mode, as shown in the following example. The following example allows overriding the "account-disabled" indicator from the AAA server for the WebVPN tunnel group "testgroup":

hostname(config)#tunnel-group testgroup type webvpn
hostname(config)#tunnel-group testgroup general-attributes
hostname(config-tunnel-general)#override-account-disable

Note: The override account feature is disabled by default.

Crafted HTTP Packet DoS Vulnerability +------------------------------------

A crafted SSL or HTTP packet may cause a DoS condition on a Cisco ASA device that is configured to terminate SSL VPN connections. This vulnerability can also be triggered to any interface where ASDM access is enabled. A successful attack may result in a reload of the device. A TCP three-way handshake is not needed to exploit this vulnerability.

Crafted TCP Packet DoS Vulnerability +-----------------------------------

A crafted TCP packet may cause a memory leak on a Cisco ASA or Cisco PIX device. A successful attack may result in a sustained DoS condition. A Cisco ASA device configured for any of the following features is affected:

SSL VPNs
ASDM Administrative Access
Telnet Access
SSH Access
cTCP for Remote Access VPNs
Virtual Telnet
Virtual HTTP
TLS Proxy for Encrypted Voice Inspection
Cut-Through Proxy for Network Access
TCP Intercept

Note: This vulnerability may be triggered when crafted packets are sent to any TCP based service that terminates on the affected device. The vulnerability may also be triggered via transient traffic only if the TCP intercept features has been enabled. A TCP three-way handshake is not needed to exploit this vulnerability.

Crafted H.323 Packet DoS Vulnerability +-------------------------------------

A crafted H.323 packet may cause a DoS condition on a Cisco ASA device that is configured with H.323 inspection. H.323 inspection is enabled by default. A successful attack may result in a reload of the device. A TCP three-way handshake is not needed to exploit this vulnerability. SQL*Net inspection is enabled by default. A successful attack may result in a reload of the device.

The default port assignment for SQLNet is TCP port 1521. This is the value used by Oracle for SQLNet. Please note the "class-map" command can be used in the Cisco ASA or Cisco PIX to apply SQL*Net inspection to a range of different port numbers. A TCP three-way handshake is needed to exploit this vulnerability. The requirement of a TCP three way handshake significantly reduces the possibility of exploitation using packets with spoofed source addresses.

Access Control List Bypass Vulnerability +---------------------------------------

Access lists have an implicit deny behavior that is applied to packets that have not matched any of the permit or deny ACEs in an ACL and reach the end of the ACL. This implicit deny is there by design, does not require any configuration and can be understood as an implicit ACE that denies all traffic reaching the end of the ACL. A vulnerability exists in the Cisco ASA and Cisco PIX that may allow traffic to bypass the implicit deny ACE.

Note: This behavior only impacts the implicit deny statement on any ACL applied on the device. Access control lists with explicit deny statements are not affected by this vulnerability. This vulnerability is experienced in very rare occasions and extremely hard to reproduce.

You can trace the lifespan of a packet through the security appliance to see whether the packet is operating correctly with the packet tracer tool. The "packet-tracer" command provides detailed information about the packets and how they are processed by the security appliance. If a command from the configuration did not cause the packet to drop, the "packet-tracer" command will provide information about the cause in an easily readable manner. You can use this feature to see if the implicit deny on an ACL is not taking effect. The following example shows that the implicit deny is bypassed (result = ALLOW):

<output truncated>
... 
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0x1a09d350, priority=1, domain=permit, deny=false
        hits=1144595557, user_data=0x0, cs_id=0x0, l3_type=0x8
        src mac=0000.0000.0000, mask=0000.0000.0000
        dst mac=0000.0000.0000, mask=0000.0000.0000

<output truncated>

This vulnerability is documented in Cisco Bug ID CSCsq91277 and has been assigned Common Vulnerabilities and Exposures (CVE) identifiers CVE-2009-1160.

Vulnerability Scoring Details +----------------------------

Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding CVSS at:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at:

http://intellishield.cisco.com/security/alertmanager/cvss

AAA account-override-ignore allows VPN session without correct password (CSCsx47543)

CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - None Availability Impact - None

CVSS Temporal Score - 6.8 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed

Cisco ASA may crash with certain HTTP packets (CSCsv52239)

CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete

CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed

Cisco ASA may crash after processing certain TCP packets (CSCsy22484)

CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete

CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed

Crafted H.323 packet may cause ASA to reload (CSCsx32675)

CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete

CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed

sqlnet traffic causes traceback with inspection configured (CSCsw51809)

CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete

CVSS Temporal Score - 6.4 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed

ACL Misbehavior in Cisco ASA (CSCsq91277)

CVSS Base Score - 4.3 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - Partial Integrity Impact - None Availability Impact - None

CVSS Temporal Score - 3.6 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed

Impact

Successful exploitation of the VPN Authentication Bypass when Account Override Feature is Used vulnerability may allow an attacker to successfully connect to the Cisco ASA via remote access IPSec or SSL-based VPN. Repeated exploitation could result in a sustained DoS condition. Successful exploitation of the ACL bypass vulnerability may allow an attacker to access resources that should be protected by the Cisco ASA.

Software Versions and Fixes

When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.

The following table contains the first fixed software release of each vulnerability. The "Recommended Release" row indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a version of the given release in a specific row (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Release" row of the table.

+------------------------------------------------------+ | | Affected | First | Recommended | | Vulnerability | Release | Fixed | Release | | | | Version | | |----------------+----------+------------+-------------| | | 7.0 | Not | 7.0(8)6 | | VPN | | vulnerable | | |Authentication |----------+------------+-------------| | Bypass when | 7.1 | 7.1(2)82 | 7.1(2)82 | |Account |----------+------------+-------------| | Override | 7.2 | 7.2(4)27 | 7.2(4)30 | |Feature is |----------+------------+-------------| | Used | 8.0 | 8.0(4)25 | 8.0(4)28 | |Vulnerability |----------+------------+-------------| | | 8.1 | 8.1(2)15 | 8.1(2)19 | |----------------+----------+------------+-------------| | | 7.0 | Not | 7.0(8)6 | | | | vulnerable | | | |----------+------------+-------------| | | 7.1 | Not | 7.1(2)82 | | Crafted HTTP | | vulnerable | | |packet DoS |----------+------------+-------------| | Vulnerability | 7.2 | Not | 7.2(4)30 | | | | vulnerable | | | |----------+------------+-------------| | | 8.0 | 8.0(4)25 | 8.0(4)28 | | |----------+------------+-------------| | | 8.1 | 8.1(2)15 | 8.1(2)16 | |----------------+----------+------------+-------------| | | 7.0 | 7.0(8)6 | 7.0(8)6 | | |----------+------------+-------------| | | 7.1 | 7.1(2)82 | 7.1(2)82 | |Crafted TCP |----------+------------+-------------| | Packet DoS | 7.2 | 7.2(4)30 | 7.2(4)30 | |Vulnerability |----------+------------+-------------| | | 8.0 | 8.0(4)28 | 8.0(4)28 | | |----------+------------+-------------| | | 8.1 | 8.1(2)19 | 8.1(2)19 | |----------------+----------+------------+-------------| | | 7.0 | 7.0(8)6 | 7.0(8)6 | | |----------+------------+-------------| | | 7.1 | 7.1(2)82 | 7.1(2)82 | |Crafted H.323 |----------+------------+-------------| | packet DoS | 7.2 | 7.2(4)26 | 7.2(4)30 | |Vulnerability |----------+------------+-------------| | | 8.0 | 8.0(4)24 | 8.0(4)28 | | |----------+------------+-------------| | | 8.1 | 8.1(2)14 | 8.1(2)19 | |----------------+----------+------------+-------------| | | 7.0 | Not | 7.0(8)6 | | | | vulnerable | | | |----------+------------+-------------| | | 7.1 | Not | 7.1(2)82 | | Crafted SQL | | vulnerable | | |packet DoS |----------+------------+-------------| | vulnerability | 7.2 | 7.2(4)26 | 7.2(4)30 | | |----------+------------+-------------| | | 8.0 | 8.0(4)22 | 8.0(4)28 | | |----------+------------+-------------| | | 8.1 | 8.1(2)12 | 8.1(2)19 | |----------------+----------+------------+-------------| | | 7.0 | 7.0(8)1 | 7.0(8)6 | | |----------+------------+-------------| | | 7.1 | 7.1(2)74 | 7.1(2)82 | |Access control |----------+------------+-------------| | list (ACL) | 7.2 | 7.2(4)9 | 7.2(4)30 | |bypass |----------+------------+-------------| | vulnerability | 8.0 | 8.0(4)5 | 8.0(4)28 | | |----------+------------+-------------| | | 8.1 | Not | 8.1(2)19 | | | | vulnerable | | +------------------------------------------------------+

Fixed Cisco ASA software can be downloaded from:

http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT

Fixed Cisco PIX software can be downloaded from:

http://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT

Workarounds

This Security Advisory describes multiple distinct vulnerabilities. These vulnerabilities and their respective workarounds are independent of each other.

VPN Authentication Bypass Vulnerability +--------------------------------------

The override account feature is enabled with the "override-account-disable" command in "tunnel-group general-attributes" configuration mode. As a workaround, disable this feature using the "no override-account-disable" command.

Crafted HTTP Packet DoS Vulnerability +------------------------------------

Devices configured for SSL VPN (clientless or client-based) or accepting ASDM management connections are vulnerable.

Note: IPSec clients are not vulnerable to this vulnerability.

If SSL VPN (clientless or client-based) is not used, administrators should make sure that ASDM connections are only allowed from trusted hosts.

To identify the IP addresses from which the security appliance accepts HTTPS connections for ASDM, configure the "http" command for each trusted host address or subnet. The following example, shows how a trusted host with IP address 192.168.1.100 is added to the configuration:

hostname(config)# http 192.168.1.100 255.255.255.255

Crafted TCP Packet DoS Vulnerability +-----------------------------------

There are no workarounds for this vulnerability.

Crafted H.323 Packet DoS Vulnerability +-------------------------------------

H.323 inspection should be disabled if it is not needed. Temporarily disabling the feature will mitigate this vulnerability. H.323 inspection can be disabled with the command "no inspect h323".

SQL*Net Packet DoS Vulnerability +-------------------------------

SQLNet inspection should be disabled if it is not needed. Temporarily disabling the feature will mitigate this vulnerability. SQLNet inspection can be disabled with the command "no inspect sqlnet".

Access Control List (ACL) Bypass Vulnerability +---------------------------------------------

As a workaround, remove the "access-group" line applied on the interface where the ACL is configured and re-apply it. For example:

ASA(config)#no access-group acl-inside in interface inside
ASA(config)#access-group acl-inside in interface inside

In the previous example the access group called "acl-inside" is removed and reapplied to the inside interface. Alternatively, you can add an explicit "deny ip any any" line in the bottom of the ACL applied on that interface. For example:

ASA(config)#access-list 100 deny ip any any

In the previous example, an explicit deny for all IP traffic is added at the end of "access-list 100".

Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link:

http://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml.

Obtaining Fixed Software

Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.

Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades.

Customers with Service Contracts +-------------------------------

Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com.

Customers using Third Party Support Organizations +------------------------------------------------

Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory.

The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed.

Customers without Service Contracts +----------------------------------

Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows.

+1 800 553 2447 (toll free from within North America)
+1 408 526 7209 (toll call from anywhere in the world)
e-mail: tac@cisco.com

Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.

Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages.

Exploitation and Public Announcements

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.

The crafted TCP packet DoS vulnerability was discovered and reported to Cisco by Gregory W. MacPherson and Robert J. Combo from Verizon Business.

The ACL bypass vulnerability was reported to Cisco by Jon Ramsey and Jeff Jarmoc from SecureWorks.

The Cisco PSIRT greatly appreciates the opportunity to work with researchers on security vulnerabilities, and welcomes the opportunity to review and assist in product reports.

All other vulnerabilities were found during internal testing and during the resolution of customer service requests.

Status of this Notice: FINAL

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.

Distribution

This advisory is posted on Cisco's worldwide website at:

http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml

In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients.

cust-security-announce@cisco.com
first-bulletins@lists.first.org
bugtraq@securityfocus.com
vulnwatch@vulnwatch.org
cisco@spot.colorado.edu
cisco-nsp@puck.nether.net
full-disclosure@lists.grok.org.uk
comp.dcom.sys.cisco@newsgate.cisco.com

Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.

Revision History

+------------------------------------------------------------+ | Revision 1.0 | 2009-April-08 | Initial public release. | +------------------------------------------------------------+

Cisco Security Procedures

Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.

Updated: Apr 08, 2009 Document ID: 109974 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkncyUMACgkQ86n/Gc8U/uBS1ACeP7Toj7XSKuo/eaLfK6K4Gqzc Q8EAn2anUwiQH4xV5NoNVt+3JiKn2LXQ =Xi7D -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia report for 2008.

SOLUTION: Update to the fixed versions (please see the vendor advisory for patch information).

PROVIDED AND/OR DISCOVERED BY: 3) The vendor credits Gregory W.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml

OTHER REFERENCES: http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a99518.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0284",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pix",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "pix",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.1"
      },
      {
        "model": "adaptive security appliance 5500",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.1"
      },
      {
        "model": "adaptive security appliance 5500",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.0"
      },
      {
        "model": "pix",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.0"
      },
      {
        "model": "adaptive security appliance 5500",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "8.1"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "8.0"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1(2)19"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1(2)15"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1(2)14"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1(2)12"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0(4)5"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0(4)28"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0(4)25"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0(4)24"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0(4)22"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2(4)9"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2(4)30"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2(4)27"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2(4)26"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1(2)82"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1(2)74"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0(8)6"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0(8)1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001196"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-200"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1159"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:cisco:pix_asa",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001196"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gregory W. MacPherson Jon Ramsey",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-200"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-1159",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2009-1159",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-38605",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2009-1159",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-1159",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200904-200",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-38605",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38605"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001196"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-200"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1159"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets. \nRemote attackers can exploit these issues to cause an affected device to reload, to force network traffic to bypass ACL rules, or to gain unauthorized access to an affected device. Successful exploits may facilitate further attacks. \nThese issues are documented by the following Cisco Bug IDs:\nCSCsx47543 further documents the issue tracked by CVE-2009-1155. \nCSCsv52239 further documents the issue tracked by CVE-2009-1156. \nCSCsy22484 further documents the issue tracked by CVE-2009-1157. \nCSCsx32675 further documents the issue tracked by CVE-2009-1158. \nCSCsw51809 further documents the issue tracked by CVE-2009-1159. \nCSCsq91277 further documents the issue tracked by CVE-2009-1160. This security\nadvisory outlines the details of these vulnerabilities:\n\n  * VPN Authentication Bypass when Account Override Feature is Used\n    vulnerability\n\n  * Crafted HTTP packet denial of service (DoS) vulnerability\n\n  * Crafted TCP Packet DoS vulnerability\n\n  * Crafted H.323 packet DoS vulnerability\n\n  * SQL*Net packet DoS vulnerability\n\n  * Access control list (ACL) bypass vulnerability\n\nWorkarounds are available for some of the vulnerabilities. \n\nThis advisory is posted at\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml. \n\nAffected Products\n=================\n\nVulnerable Products\n+------------------\n\nThe following is a list of the products affected by each vulnerability\nas described in detail within this advisory. \n\nNote: The Override Account Disabled feature was introduced in Cisco\nASA software version 7.1(1). This feature is\ndisabled by default. Only Cisco ASA software versions 8.0 and 8.1 are\naffected by this vulnerability. H.323 inspection is enabled by default. \nCisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, 8.0, and 8.1\nare affected by this vulnerability. SQL*Net inspection is enabled by default. \nCisco ASA and Cisco PIX software versions 7.2, 8.0, and 8.1 are affected\nby this vulnerability. Cisco ASA and\nCisco PIX software versions 7.0, 7.1, 7.2, and 8.0 are affected by this\nvulnerability. \n\nDetermination of Software Versions\n+---------------------------------\n\nThe \"show version\" command-line interface (CLI) command can be used to\ndetermine whether a vulnerable version of the Cisco PIX or Cisco ASA\nsoftware is running. The following example shows a Cisco ASA Adaptive\nSecurity Appliance that runs software version 8.0(4):\n\n    ASA#show version\n\n        Cisco Adaptive Security Appliance Software Version 8.0(4)\n        Device Manager Version 6.0(1)\n\n    \u003coutput truncated\u003e\n\nThe following example shows a Cisco PIX security appliance that runs\nsoftware version 8.0(4):\n\n    PIX#show version\n\n    Cisco PIX Security Appliance Software Version 8.0(4)\n    Device Manager Version 5.2(3)\n\n    \u003coutput truncated\u003e\n\nCustomers who use Cisco ASDM to manage their devices can find the\nsoftware version displayed in the table in the login window or in the\nupper left corner of the ASDM window. \n\nProducts Confirmed Not Vulnerable\n+--------------------------------\n\nThe Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500\nSeries switches and Cisco 7600 Series routers and Cisco VPN 3000 Series\nConcentrators are not affected by any of these vulnerabilities. No other Cisco products are currently known to be\naffected by these vulnerabilities. \n\nDetails\n=======\n\nThis Security Advisory describes multiple distinct vulnerabilities. \nThese vulnerabilities are independent of each other. However, the user must provide the correct\ncredentials in order to login to the VPN. \n\nNote: The override account feature was introduced in Cisco ASA software\nversion 7.1(1). \n\nThe override account feature is enabled with the\n\"override-account-disable\" command in \"tunnel-group general-attributes\"\nconfiguration mode, as shown in the following example. The following\nexample allows overriding the \"account-disabled\" indicator from the AAA\nserver for the WebVPN tunnel group \"testgroup\":\n\n    hostname(config)#tunnel-group testgroup type webvpn\n    hostname(config)#tunnel-group testgroup general-attributes\n    hostname(config-tunnel-general)#override-account-disable\n\nNote: The override account feature is disabled by default. \n\nCrafted HTTP Packet DoS Vulnerability\n+------------------------------------\n\nA crafted SSL or HTTP packet may cause a DoS condition on a Cisco\nASA device that is configured to terminate SSL VPN connections. This\nvulnerability can also be triggered to any interface where ASDM access\nis enabled. A successful attack may result in a reload of the device. A\nTCP three-way handshake is not needed to exploit this vulnerability. \n\nCrafted TCP Packet DoS Vulnerability\n+-----------------------------------\n\nA crafted TCP packet may cause a memory leak on a Cisco ASA or Cisco PIX\ndevice. A successful attack may result in a sustained DoS condition. \nA Cisco ASA device configured for any of the following features is\naffected:\n\n  * SSL VPNs\n  * ASDM Administrative Access\n  * Telnet Access\n  * SSH Access\n  * cTCP for Remote Access VPNs\n  * Virtual Telnet\n  * Virtual HTTP\n  * TLS Proxy for Encrypted Voice Inspection\n  * Cut-Through Proxy for Network Access\n  * TCP Intercept\n\nNote: This vulnerability may be triggered when crafted packets are sent\nto any TCP based service that terminates on the affected device. The\nvulnerability may also be triggered via transient traffic only if the\nTCP intercept features has been enabled. A TCP three-way handshake is\nnot needed to exploit this vulnerability. \n\nCrafted H.323 Packet DoS Vulnerability\n+-------------------------------------\n\nA crafted H.323 packet may cause a DoS condition on a Cisco ASA device\nthat is configured with H.323 inspection. H.323 inspection is enabled by\ndefault. A successful attack may result in a reload of the device. A TCP\nthree-way handshake is not needed to exploit this vulnerability. SQL*Net inspection is\nenabled by default. A successful attack may result in a reload of the\ndevice. \n\nThe default port assignment for SQL*Net is TCP port 1521. This is the\nvalue used by Oracle for SQL*Net. Please note the \"class-map\" command\ncan be used in the Cisco ASA or Cisco PIX to apply SQL*Net inspection\nto a range of different port numbers. A TCP three-way handshake is\nneeded to exploit this vulnerability. The requirement of a TCP three way\nhandshake significantly reduces the possibility of exploitation using\npackets with spoofed source addresses. \n\nAccess Control List Bypass Vulnerability\n+---------------------------------------\n\nAccess lists have an implicit deny behavior that is applied to packets\nthat have not matched any of the permit or deny ACEs in an ACL and reach\nthe end of the ACL. This implicit deny is there by design, does not\nrequire any configuration and can be understood as an implicit ACE that\ndenies all traffic reaching the end of the ACL. A vulnerability exists\nin the Cisco ASA and Cisco PIX that may allow traffic to bypass the\nimplicit deny ACE. \n\nNote: This behavior only impacts the implicit deny statement on any\nACL applied on the device. Access control lists with explicit deny\nstatements are not affected by this vulnerability. This vulnerability is\nexperienced in very rare occasions and extremely hard to reproduce. \n\nYou can trace the lifespan of a packet through the security appliance\nto see whether the packet is operating correctly with the packet tracer\ntool. The \"packet-tracer\" command provides detailed information about\nthe packets and how they are processed by the security appliance. If a\ncommand from the configuration did not cause the packet to drop, the\n\"packet-tracer\" command will provide information about the cause in an\neasily readable manner. You can use this feature to see if the implicit\ndeny on an ACL is not taking effect. The following example shows that\nthe implicit deny is bypassed (result = ALLOW):\n\n    \u003coutput truncated\u003e\n    ... \n    Phase: 2\n    Type: ACCESS-LIST\n    Subtype:\n    Result: ALLOW\n    Config:\n    Implicit Rule\n    Additional Information:\n     Forward Flow based lookup yields rule:\n     in  id=0x1a09d350, priority=1, domain=permit, deny=false\n            hits=1144595557, user_data=0x0, cs_id=0x0, l3_type=0x8\n            src mac=0000.0000.0000, mask=0000.0000.0000\n            dst mac=0000.0000.0000, mask=0000.0000.0000\n\n    \u003coutput truncated\u003e\n\nThis vulnerability is documented in Cisco Bug ID CSCsq91277 and has\nbeen assigned Common Vulnerabilities and Exposures (CVE) identifiers\nCVE-2009-1160. \n\nVulnerability Scoring Details\n+----------------------------\n\nCisco has provided scores for the vulnerabilities in this advisory based\non the Common Vulnerability Scoring System (CVSS). The CVSS scoring in\nthis Security Advisory is done in accordance with CVSS version 2.0. \n\nCVSS is a standards-based scoring method that conveys vulnerability\nseverity and helps determine urgency and priority of response. \n\nCisco has provided a base and temporal score. Customers can then\ncompute environmental scores to assist in determining the impact of the\nvulnerability in individual networks. \n\nCisco has provided an FAQ to answer additional questions regarding\nCVSS at:\n\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\n\nCisco has also provided a CVSS calculator to help compute the\nenvironmental impact for individual networks at:\n\nhttp://intellishield.cisco.com/security/alertmanager/cvss\n\n* AAA account-override-ignore allows VPN session without correct\npassword (CSCsx47543)\n\nCVSS Base Score - 7.8\n    Access Vector -            Network\n    Access Complexity -        Low\n    Authentication -           None\n    Confidentiality Impact -   Complete\n    Integrity Impact -         None\n    Availability Impact -      None\n\nCVSS Temporal Score - 6.8\n    Exploitability -           High\n    Remediation Level -        Official-Fix\n    Report Confidence -        Confirmed\n\n* Cisco ASA may crash with certain HTTP packets (CSCsv52239)\n\nCVSS Base Score - 7.8\n    Access Vector -            Network\n    Access Complexity -        Low\n    Authentication -           None\n    Confidentiality Impact -   None\n    Integrity Impact -         None\n    Availability Impact -      Complete\n\nCVSS Temporal Score - 6.4\n    Exploitability -           Functional\n    Remediation Level -        Official-Fix\n    Report Confidence -        Confirmed\n\n* Cisco ASA may crash after processing certain TCP packets (CSCsy22484)\n\nCVSS Base Score - 7.8\n    Access Vector -            Network\n    Access Complexity -        Low\n    Authentication -           None\n    Confidentiality Impact -   None\n    Integrity Impact -         None\n    Availability Impact -      Complete\n\nCVSS Temporal Score - 6.4\n    Exploitability -           Functional\n    Remediation Level -        Official-Fix\n    Report Confidence -        Confirmed\n\n* Crafted H.323 packet may cause ASA to reload (CSCsx32675)\n\nCVSS Base Score - 7.8\n    Access Vector -            Network\n    Access Complexity -        Low\n    Authentication -           None\n    Confidentiality Impact -   None\n    Integrity Impact -         None\n    Availability Impact -      Complete\n\nCVSS Temporal Score - 6.4\n    Exploitability -           Functional\n    Remediation Level -        Official-Fix\n    Report Confidence -        Confirmed\n\n* sqlnet traffic causes traceback with inspection configured\n(CSCsw51809)\n\nCVSS Base Score - 7.8\n    Access Vector -            Network\n    Access Complexity -        Low\n    Authentication -           None\n    Confidentiality Impact -   None\n    Integrity Impact -         None\n    Availability Impact -      Complete\n\nCVSS Temporal Score - 6.4\n    Exploitability -           High\n    Remediation Level -        Official-Fix\n    Report Confidence -        Confirmed\n\n* ACL Misbehavior in Cisco ASA (CSCsq91277)\n\nCVSS Base Score - 4.3\n    Access Vector -            Network\n    Access Complexity -        Medium\n    Authentication -           None\n    Confidentiality Impact -   Partial\n    Integrity Impact -         None\n    Availability Impact -      None\n\nCVSS Temporal Score - 3.6\n    Exploitability -           Functional\n    Remediation Level -        Official-Fix\n    Report Confidence -        Confirmed\n\nImpact\n======\n\nSuccessful exploitation of the VPN Authentication Bypass when Account\nOverride Feature is Used vulnerability may allow an attacker to\nsuccessfully connect to the Cisco ASA via remote access IPSec or\nSSL-based VPN. Repeated exploitation could result in\na sustained DoS condition. Successful exploitation of the ACL bypass\nvulnerability may allow an attacker to access resources that should be\nprotected by the Cisco ASA. \n\nSoftware Versions and Fixes\n===========================\n\nWhen considering software upgrades, also consult\nhttp://www.cisco.com/go/psirt and any subsequent advisories to determine\nexposure and a complete upgrade solution. \n\nIn all cases, customers should exercise caution to be certain the\ndevices to be upgraded contain sufficient memory and that current\nhardware and software configurations will continue to be supported\nproperly by the new release. If the information is not clear, contact\nthe Cisco Technical Assistance Center (TAC) or your contracted\nmaintenance provider for assistance. \n\nThe following table contains the first fixed software release of each\nvulnerability. The \"Recommended Release\" row indicates the releases\nwhich have fixes for all the published vulnerabilities at the time\nof this Advisory. A device running a version of the given release in\na specific row (less than the First Fixed Release) is known to be\nvulnerable. Cisco recommends upgrading to a release equal to or later\nthan the release in the \"Recommended Release\" row of the table. \n\n+------------------------------------------------------+\n|                | Affected |   First    | Recommended |\n| Vulnerability  | Release  |   Fixed    |   Release   |\n|                |          |  Version   |             |\n|----------------+----------+------------+-------------|\n|                | 7.0      | Not        | 7.0(8)6     |\n| VPN            |          | vulnerable |             |\n|Authentication  |----------+------------+-------------|\n| Bypass when    | 7.1      | 7.1(2)82   | 7.1(2)82    |\n|Account         |----------+------------+-------------|\n| Override       | 7.2      | 7.2(4)27   | 7.2(4)30    |\n|Feature is      |----------+------------+-------------|\n| Used           | 8.0      | 8.0(4)25   | 8.0(4)28    |\n|Vulnerability   |----------+------------+-------------|\n|                | 8.1      | 8.1(2)15   | 8.1(2)19    |\n|----------------+----------+------------+-------------|\n|                | 7.0      | Not        | 7.0(8)6     |\n|                |          | vulnerable |             |\n|                |----------+------------+-------------|\n|                | 7.1      | Not        | 7.1(2)82    |\n| Crafted HTTP   |          | vulnerable |             |\n|packet DoS      |----------+------------+-------------|\n| Vulnerability  | 7.2      | Not        | 7.2(4)30    |\n|                |          | vulnerable |             |\n|                |----------+------------+-------------|\n|                | 8.0      | 8.0(4)25   | 8.0(4)28    |\n|                |----------+------------+-------------|\n|                | 8.1      | 8.1(2)15   | 8.1(2)16    |\n|----------------+----------+------------+-------------|\n|                | 7.0      | 7.0(8)6    | 7.0(8)6     |\n|                |----------+------------+-------------|\n|                | 7.1      | 7.1(2)82   | 7.1(2)82    |\n|Crafted TCP     |----------+------------+-------------|\n| Packet DoS     | 7.2      | 7.2(4)30   | 7.2(4)30    |\n|Vulnerability   |----------+------------+-------------|\n|                | 8.0      | 8.0(4)28   | 8.0(4)28    |\n|                |----------+------------+-------------|\n|                | 8.1      | 8.1(2)19   | 8.1(2)19    |\n|----------------+----------+------------+-------------|\n|                | 7.0      | 7.0(8)6    | 7.0(8)6     |\n|                |----------+------------+-------------|\n|                | 7.1      | 7.1(2)82   | 7.1(2)82    |\n|Crafted H.323   |----------+------------+-------------|\n| packet DoS     | 7.2      | 7.2(4)26   | 7.2(4)30    |\n|Vulnerability   |----------+------------+-------------|\n|                | 8.0      | 8.0(4)24   | 8.0(4)28    |\n|                |----------+------------+-------------|\n|                | 8.1      | 8.1(2)14   | 8.1(2)19    |\n|----------------+----------+------------+-------------|\n|                | 7.0      | Not        | 7.0(8)6     |\n|                |          | vulnerable |             |\n|                |----------+------------+-------------|\n|                | 7.1      | Not        | 7.1(2)82    |\n| Crafted SQL    |          | vulnerable |             |\n|packet DoS      |----------+------------+-------------|\n| vulnerability  | 7.2      | 7.2(4)26   | 7.2(4)30    |\n|                |----------+------------+-------------|\n|                | 8.0      | 8.0(4)22   | 8.0(4)28    |\n|                |----------+------------+-------------|\n|                | 8.1      | 8.1(2)12   | 8.1(2)19    |\n|----------------+----------+------------+-------------|\n|                | 7.0      | 7.0(8)1    | 7.0(8)6     |\n|                |----------+------------+-------------|\n|                | 7.1      | 7.1(2)74   | 7.1(2)82    |\n|Access control  |----------+------------+-------------|\n| list (ACL)     | 7.2      | 7.2(4)9    | 7.2(4)30    |\n|bypass          |----------+------------+-------------|\n| vulnerability  | 8.0      | 8.0(4)5    | 8.0(4)28    |\n|                |----------+------------+-------------|\n|                | 8.1      | Not        | 8.1(2)19    |\n|                |          | vulnerable |             |\n+------------------------------------------------------+\n\nFixed Cisco ASA software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT\n\nFixed Cisco PIX software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT\n\nWorkarounds\n===========\n\nThis Security Advisory describes multiple distinct vulnerabilities. \nThese vulnerabilities and their respective workarounds are independent\nof each other. \n\nVPN Authentication Bypass Vulnerability\n+--------------------------------------\n\nThe override account feature is enabled with the\n\"override-account-disable\" command in \"tunnel-group general-attributes\"\nconfiguration mode. As a workaround, disable this feature using the \"no\noverride-account-disable\" command. \n\nCrafted HTTP Packet DoS Vulnerability\n+------------------------------------\n\nDevices configured for SSL VPN (clientless or client-based) or accepting\nASDM management connections are vulnerable. \n\nNote: IPSec clients are not vulnerable to this vulnerability. \n\nIf SSL VPN (clientless or client-based) is not used, administrators\nshould make sure that ASDM connections are only allowed from trusted\nhosts. \n\nTo identify the IP addresses from which the security appliance\naccepts HTTPS connections for ASDM, configure the \"http\" command for\neach trusted host address or subnet. The following example, shows\nhow a trusted host with IP address 192.168.1.100 is added to the\nconfiguration:\n\n    hostname(config)# http 192.168.1.100 255.255.255.255\n\nCrafted TCP Packet DoS Vulnerability\n+-----------------------------------\n\nThere are no workarounds for this vulnerability. \n\nCrafted H.323 Packet DoS Vulnerability\n+-------------------------------------\n\nH.323 inspection should be disabled if it is not needed. Temporarily\ndisabling the feature will mitigate this vulnerability. H.323 inspection\ncan be disabled with the command \"no inspect h323\". \n\nSQL*Net Packet DoS Vulnerability\n+-------------------------------\n\nSQL*Net inspection should be disabled if it is not needed. Temporarily\ndisabling the feature will mitigate this vulnerability. SQL*Net\ninspection can be disabled with the command \"no inspect sqlnet\". \n\nAccess Control List (ACL) Bypass Vulnerability\n+---------------------------------------------\n\nAs a workaround, remove the \"access-group\" line applied on the interface\nwhere the ACL is configured and re-apply it. For example:\n\n    ASA(config)#no access-group acl-inside in interface inside\n    ASA(config)#access-group acl-inside in interface inside\n\nIn the previous example the access group called \"acl-inside\" is removed\nand reapplied to the inside interface. Alternatively, you can add an\nexplicit \"deny ip any any\" line in the bottom of the ACL applied on that\ninterface. For example:\n\n    ASA(config)#access-list 100 deny ip any any\n\nIn the previous example, an explicit deny for all IP traffic is added at\nthe end of \"access-list 100\". \n\nAdditional mitigations that can be deployed on Cisco devices within the\nnetwork are available in the Cisco Applied Mitigation Bulletin companion\ndocument for this advisory, which is available at the following link:\n\nhttp://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml. \n\nObtaining Fixed Software\n========================\n\nCisco has released free software updates that address these\nvulnerabilities. Prior to deploying software, customers should consult\ntheir maintenance provider or check the software for feature set\ncompatibility and known issues specific to their environment. \n\nCustomers may only install and expect support for the feature\nsets they have purchased. By installing, downloading, accessing\nor otherwise using such software upgrades, customers agree to be\nbound by the terms of Cisco\u0027s software license terms found at\nhttp://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,\nor as otherwise set forth at Cisco.com Downloads at\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml. \n\nDo not contact psirt@cisco.com or security-alert@cisco.com for software\nupgrades. \n\nCustomers with Service Contracts\n+-------------------------------\n\nCustomers with contracts should obtain upgraded software through their\nregular update channels. For most customers, this means that upgrades\nshould be obtained through the Software Center on Cisco\u0027s worldwide\nwebsite at http://www.cisco.com. \n\nCustomers using Third Party Support Organizations\n+------------------------------------------------\n\nCustomers whose Cisco products are provided or maintained through prior\nor existing agreements with third-party support organizations, such\nas Cisco Partners, authorized resellers, or service providers should\ncontact that support organization for guidance and assistance with the\nappropriate course of action in regards to this advisory. \n\nThe effectiveness of any workaround or fix is dependent on specific\ncustomer situations, such as product mix, network topology, traffic\nbehavior, and organizational mission. Due to the variety of affected\nproducts and releases, customers should consult with their service\nprovider or support organization to ensure any applied workaround or fix\nis the most appropriate for use in the intended network before it is\ndeployed. \n\nCustomers without Service Contracts\n+----------------------------------\n\nCustomers who purchase direct from Cisco but do not hold a Cisco service\ncontract, and customers who purchase through third-party vendors but are\nunsuccessful in obtaining fixed software through their point of sale\nshould acquire upgrades by contacting the Cisco Technical Assistance\nCenter (TAC). TAC contacts are as follows. \n\n  * +1 800 553 2447 (toll free from within North America)\n  * +1 408 526 7209 (toll call from anywhere in the world)\n  * e-mail: tac@cisco.com\n\nCustomers should have their product serial number available and be\nprepared to give the URL of this notice as evidence of entitlement to a\nfree upgrade. Free upgrades for non-contract customers must be requested\nthrough the TAC. \n\nRefer to\nhttp://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html\nfor additional TAC contact information, including localized telephone\nnumbers, and instructions and e-mail addresses for use in various\nlanguages. \n\nExploitation and Public Announcements\n=====================================\n\nThe Cisco PSIRT is not aware of any public announcements or malicious\nuse of the vulnerability described in this advisory. \n\nThe crafted TCP packet DoS vulnerability was discovered and reported\nto Cisco by Gregory W. MacPherson and Robert J. Combo from Verizon\nBusiness. \n\nThe ACL bypass vulnerability was reported to Cisco by Jon Ramsey and\nJeff Jarmoc from SecureWorks. \n\nThe Cisco PSIRT greatly appreciates the opportunity to work with\nresearchers on security vulnerabilities, and welcomes the opportunity to\nreview and assist in product reports. \n\nAll other vulnerabilities were found during internal testing and during\nthe resolution of customer service requests. \n\nStatus of this Notice: FINAL\n============================\n\nTHIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY\nANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\nDOCUMENT AT ANY TIME. \n\nA stand-alone copy or Paraphrase of the text of this document that omits\nthe distribution URL in the following section is an uncontrolled copy,\nand may lack important information or contain factual errors. \n\nDistribution\n============\n\nThis advisory is posted on Cisco\u0027s worldwide website at:\n\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml\n\nIn addition to worldwide web posting, a text version of this notice is\nclear-signed with the Cisco PSIRT PGP key and is posted to the following\ne-mail and Usenet news recipients. \n\n  * cust-security-announce@cisco.com\n  * first-bulletins@lists.first.org\n  * bugtraq@securityfocus.com\n  * vulnwatch@vulnwatch.org\n  * cisco@spot.colorado.edu\n  * cisco-nsp@puck.nether.net\n  * full-disclosure@lists.grok.org.uk\n  * comp.dcom.sys.cisco@newsgate.cisco.com\n\nFuture updates of this advisory, if any, will be placed on Cisco\u0027s\nworldwide website, but may or may not be actively announced on mailing\nlists or newsgroups. Users concerned about this problem are encouraged\nto check the above URL for any updates. \n\nRevision History\n================\n\n+------------------------------------------------------------+\n| Revision 1.0  | 2009-April-08  | Initial public release.   |\n+------------------------------------------------------------+\n\nCisco Security Procedures\n=========================\n\nComplete information on reporting security vulnerabilities\nin Cisco products, obtaining assistance with security\nincidents, and registering to receive security information\nfrom Cisco, is available on Cisco\u0027s worldwide website at\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. \nThis includes instructions for press inquiries regarding\nCisco security notices. All Cisco security advisories are available at\nhttp://www.cisco.com/go/psirt. \n\n+--------------------------------------------------------------------\nCopyright 2008-2009 Cisco Systems, Inc. All rights reserved. \n+--------------------------------------------------------------------\n\nUpdated: Apr 08, 2009                             Document ID: 109974\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niEYEARECAAYFAkncyUMACgkQ86n/Gc8U/uBS1ACeP7Toj7XSKuo/eaLfK6K4Gqzc\nQ8EAn2anUwiQH4xV5NoNVt+3JiKn2LXQ\n=Xi7D\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \n\nSOLUTION:\nUpdate to the fixed versions (please see the vendor advisory for\npatch information). \n\nPROVIDED AND/OR DISCOVERED BY:\n3) The vendor credits Gregory W. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml\n\nOTHER REFERENCES:\nhttp://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a99518.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1159"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001196"
      },
      {
        "db": "BID",
        "id": "34429"
      },
      {
        "db": "VULHUB",
        "id": "VHN-38605"
      },
      {
        "db": "PACKETSTORM",
        "id": "76440"
      },
      {
        "db": "PACKETSTORM",
        "id": "76528"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-1159",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "34429",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "34607",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1022015",
        "trust": 2.5
      },
      {
        "db": "OSVDB",
        "id": "53446",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-0981",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001196",
        "trust": 0.8
      },
      {
        "db": "CISCO",
        "id": "20090408 MULTIPLE VULNERABILITIES IN CISCO ASA ADAPTIVE SECURITY APPLIANCE AND CISCO PIX SECURITY APPLIANCES",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-200",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-38605",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76440",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76528",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38605"
      },
      {
        "db": "BID",
        "id": "34429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001196"
      },
      {
        "db": "PACKETSTORM",
        "id": "76440"
      },
      {
        "db": "PACKETSTORM",
        "id": "76528"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-200"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1159"
      }
    ]
  },
  "id": "VAR-200904-0284",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38605"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-10T23:03:11.239000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20090408-asa",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001196"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1159"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/34429"
      },
      {
        "trust": 2.5,
        "url": "http://osvdb.org/53446"
      },
      {
        "trust": 2.5,
        "url": "http://www.securitytracker.com/id?1022015"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/34607"
      },
      {
        "trust": 2.5,
        "url": "http://www.vupen.com/english/advisories/2009/0981"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080a994f6.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1159"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1159"
      },
      {
        "trust": 0.4,
        "url": "http://www.cisco.com/en/us/products/products_applied_mitigation_bulletin09186a0080a99518.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502566"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080a994f6.shtml#@id"
      },
      {
        "trust": 0.2,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/go/psirt"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml."
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1157"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1156"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1158"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1160"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/products/prod_warranties_item09186a008088e31f.html,"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/support/tsd_cisco_worldwide_contacts.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/asapsirt"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/go/psirt."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1155"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1159"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/pixpsirt"
      },
      {
        "trust": 0.1,
        "url": "http://intellishield.cisco.com/security/alertmanager/cvss"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/34607/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/request_2008_report/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38605"
      },
      {
        "db": "BID",
        "id": "34429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001196"
      },
      {
        "db": "PACKETSTORM",
        "id": "76440"
      },
      {
        "db": "PACKETSTORM",
        "id": "76528"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-200"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1159"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-38605"
      },
      {
        "db": "BID",
        "id": "34429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001196"
      },
      {
        "db": "PACKETSTORM",
        "id": "76440"
      },
      {
        "db": "PACKETSTORM",
        "id": "76528"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-200"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1159"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-04-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-38605"
      },
      {
        "date": "2009-04-08T00:00:00",
        "db": "BID",
        "id": "34429"
      },
      {
        "date": "2009-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001196"
      },
      {
        "date": "2009-04-08T18:42:33",
        "db": "PACKETSTORM",
        "id": "76440"
      },
      {
        "date": "2009-04-09T15:10:51",
        "db": "PACKETSTORM",
        "id": "76528"
      },
      {
        "date": "2009-04-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-200"
      },
      {
        "date": "2009-04-09T15:08:35.780000",
        "db": "NVD",
        "id": "CVE-2009-1159"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-04-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-38605"
      },
      {
        "date": "2009-04-13T20:06:00",
        "db": "BID",
        "id": "34429"
      },
      {
        "date": "2009-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001196"
      },
      {
        "date": "2009-04-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-200"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2009-1159"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-200"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco PIX/ASA In  SQL*Net Packet service disruption  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001196"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-200"
      }
    ],
    "trust": 0.6
  }
}

GHSA-7HGF-PCVC-HJ4R

Vulnerability from github – Published: 2022-05-02 03:22 – Updated: 2022-05-02 03:22

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1159"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-04-09T15:08:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets.",
  "id": "GHSA-7hgf-pcvc-hj4r",
  "modified": "2022-05-02T03:22:13Z",
  "published": "2022-05-02T03:22:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1159"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/53446"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34607"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34429"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022015"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0981"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-AVI-134

Vulnerability from certfr_avis - Published: 2009-04-10 - Updated: 2009-04-10

Plusieurs vulnérabilités affectent les produits Cisco. Leurs exploitation permet de contourner la politique de sécurité ou de réaliser un déni de service à distance.

Description

Plusieurs vulnérabilités affectent les produits Cisco :

lorsque la fonctionnalité override account est activée, une vulnérabilité permet de contourner l'authentification ;
lorsqu'un boîtier Cisco ASA est serveur de VPN SSL ou lorsque l'interface de gestion ASDM est active, une vulnérabilité dans le traitement des paquets SSL et HTTP permet à un utilisateur malveillant de provoquer un rechargement de l'équipement ;
un défaut de la gestion de la mémoire est présent dans le traitement des paquets TCP. Il est exploitable pour provoquer un déni de service dès lors qu'un service basé sur TCP est actif sur l'équipement (VPN SSL, ASDM, SSH...) ;
le traitement défectueux des paquets H.323 permet à un utilisateur malveillant de provoquer le rechargement de l'équipement ;
le traitement défectueux des paquets SQL*Net permet à un utilisateur malveillant de provoquer le rechargement de l'équipement ;
une erreur non précisée permet de ne pas tenir compte de l'interdiction d'accès implicite lors du traitement des listes de contrôle d'accès.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Cisco	N/A	Cisco ASA 7.x et 8.x.
	Cisco	N/A	Cisco PIX 7.x et 8.x ;

References

Title

Publication Time

GSD-2009-1159

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-1159

Aliases

CVE-2009-1159

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1159",
    "description": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets.",
    "id": "GSD-2009-1159"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1159"
      ],
      "details": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets.",
      "id": "GSD-2009-1159",
      "modified": "2023-12-13T01:19:47.415194Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2009-1159",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2009-0981",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/0981"
          },
          {
            "name": "34429",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/34429"
          },
          {
            "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml"
          },
          {
            "name": "34607",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34607"
          },
          {
            "name": "53446",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/53446"
          },
          {
            "name": "1022015",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1022015"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2009-1159"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances",
              "refsource": "CISCO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml"
            },
            {
              "name": "1022015",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1022015"
            },
            {
              "name": "ADV-2009-0981",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/0981"
            },
            {
              "name": "53446",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/53446"
            },
            {
              "name": "34607",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34607"
            },
            {
              "name": "34429",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/34429"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2009-04-28T05:39Z",
      "publishedDate": "2009-04-09T15:08Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-1159 (GCVE-0-2009-1159)

FKIE_CVE-2009-1159

VAR-200904-0284

Affected Products

Details

Impact

Software Versions and Fixes

Workarounds

Obtaining Fixed Software

Exploitation and Public Announcements

Status of this Notice: FINAL

Distribution

Revision History

Cisco Security Procedures

GHSA-7HGF-PCVC-HJ4R

CERTA-2009-AVI-134

Description

Solution

GSD-2009-1159

Tags

Sightings

Nomenclature