BugTraq
Cisco Security Advisory: Cisco Firepower Malware Block Bypass Vulnerability Mar 30 2016 04:17PM
Cisco Systems Product Security Incident Response Team (psirt cisco com) (1 replies)
RE: Cisco Security Advisory: Cisco Firepower Malware Block Bypass Vulnerability Mar 30 2016 07:50PM
Murray, Mike (MMurray csuchico edu)
unsubscribe

-----Original Message-----
From: nobody (at) cisco (dot) com [email concealed] [mailto:nobody (at) cisco (dot) com [email concealed]] On Behalf Of Cisco Systems
Product Security Incident Response Team
Sent: Wednesday, March 30, 2016 9:18 AM
To: bugtraq (at) securityfocus (dot) com [email concealed]
Cc: psirt (at) cisco (dot) com [email concealed]
Subject: Cisco Security Advisory: Cisco Firepower Malware Block Bypass
Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Firepower Malware Block Bypass Vulnerability

Advisory ID: cisco-sa-20160330-fp

Revision 1.0

For Public Release 2016 March 30 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the malicious file detection and blocking features of
Cisco Firepower System Software could allow an unauthenticated, remote
attacker to bypass malware detection mechanisms on an affected system.

The vulnerability is due to improper input validation of fields in HTTP
headers. An attacker could exploit this vulnerability by sending a crafted
HTTP request to an affected system. A successful exploit could allow the
attacker to bypass malicious file detection or blocking policies that are
configured for the system, which could allow malware to pass through the
system undetected.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cis
co-s
a-20160330-fp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVvKwFq89gD3EAJB5AQIjFg/+MHsKskM68q7HIhF7EB6yN3Pjau4/1bPd
9xYd3UJ1bh9jmrObAlwEIL+P40WUKQCO23Z/66opMboXTBSMLrAe1/2xMevx+6f5
Gkl8V1Ew0Ziona0DE3D3vtdPTmnY19KRpUwIMQbYsiKs2SaxoiX04J5Ny21+Uxvz
xskTGEW0kX7HpZ2kWODmBTyLJS1/59SJ4WNt7Sf57FOsIZRg8tk4de27yavaVqbw
eFZRYRYITnW9Ks231NhJJErM64qCis2r9yNxU5tP6BbL/CDJNbcsbqXif2t4pDCZ
YLTm3sIzfLpmz+YCWSNwcc+UBe34ssmV8zRt3O51mruY7cWKycanvrHq+S9xURix
eVoaw+PWZl5kI0RMqQhT9lKR/INXR2Ek93KNPOJXYKuEk8UJA+mVzphUVJR7tifH
+iPK7SEEPASodgE5S2lP4d5iUV6U590eUABcfSmtbCP1a80lHpjXQVmjqIa3gnEm
Byab7fxjDDGfFcnMdndWyJhEULPgIo5BCg6jMCw9SWvK7u+rSqpA/VaVc3UnvU2K
xBTSm2DKd1t09Fo6x1rk+mLOhZ+Ch+7JLCcJxNJe9J0+a4YyuHE99RgV3WmGqOb3
Kx8ojX5yF6KqT+K4pZx2LKwL8rp+r5lZu40EIz0jrFGhKKXftLOADWqMbFwZOxKR
xUMD/t+aY6s=
=sOTL
-----END PGP SIGNATURE-----
0? *?H?÷
 ?0?1 0 +0? *?H?÷
 ?Ä0?×0?¿ Å·?õe 0¡ é96Ka¹0
 *?H?÷
 0?1 0 UUS1 0 UMI10U Ann Arbor10U
 Internet210U InCommon1200U)InCommon RSA Standard Assurance Client CA0
160310000000Z
210310235959Z0Í10 U959291
0 U ISEC1+0)U
"California State University, Chico10U 400 W. 1st Street1 0 UCA10 UChico1 0 UUS10U Mike Murray1#0! *?H?÷
 mmurray (at) csuchico (dot) edu0 [email concealed]?"0
 *?H?÷
?0?
??¯îáªû6®sæ?Ì|\AKþ§» ³X±Êú°3ýÔÚb?U9Ò?Ð?úź?#~Dù2¨/.?¿êó#a«?Ò=??qZêóÃg_JU)Z,ÊÉၐF1»k¹?
\VmmÐ?#G¿???dL?Îá??¤Ån¸¼oß'Çèe?²ÍïÜËá¿ië[?E?«ª½árë?f
?LÙivÞ"Z¯*_¼N?ËrùâMäóÂê·zݸ=*¿ ¸?¨? ÿÒR¡;ýð1|#ò¨Í]wòñÔÔÊé¹/;É?@¨eí[Vjŧâ HWà?dAØaÑ¥oÁ}Wý:Aøãç£?ò0?î0U#0?}îqÐë©amf?­+â1Û¼0
Uåª?¨H?¼y õ¤ó²?0Uÿ 0 Uÿ00U%0++0jU c0a0_
+®#0N0L+@https://www.incommon.org/cert/repository/cps
_standard_client.pdf0UUN0L0J H F?Dhttp://crl.incommon-rsa.org/InCom
monRSAStandardAssuranceClientCA.crl0?+~0|0P+0?Dhttp:/
/crt.incommon-rsa.org/InCommonRSAStandardAssuranceClientCA.crt0(+
0?http://ocsp.incommon-rsa.org0U0mmurray (at) csuchico (dot) edu0 [email concealed]
 *?H?÷
 ?NàpT?_{e#
»±§Úðâé"'?¤k?óB¦]Ãî\ÌÍ?
?ó^×ñ¾É''?ülúZÇ? ûøØy°>ã?;?60ò&AH; î1¦OÝ»4?c?^ï+]ê;3¶~ÐÛx§%?\Vq«Ö*Àlç?5֐HGÉã.W2?øx÷?G¨¥ ?g?Û¿??s?^h
¦x+xgSse?ÿ?»?®?ÞKKÞ@Þf?(÷Ã¼Ô ¥uGP×å<À¯½P³A?þ?Í7{??Äï?{´8â#m:}£»>¢Ð?/¯`NÁòîÉ㐵þ??Rbmتðjhý~·?
ÈxX' 0?Þ0?Æ ým0ü£ÊQ¨¼d5-0
 *?H?÷
 0?1 0 UUS10U
New Jersey10U Jersey City10U
The USERTRUST Network1.0,U%USERTrust RSA Certification Authority0
100201000000Z
380118235959Z0?1 0 UUS10U
New Jersey10U Jersey City10U
The USERTRUST Network1.0,U%USERTrust RSA Certification Authority0?"0
 *?H?÷
?0?
??e6Ã۳ЬW
víÍ'ÓL­P?a⪠M -d ÜÎ??Ì=©ìöÏÁÜñÓ±Ö{7(+GÚ9Ƽ:´_¦½}£cB¶vò©;+?øâoÐì  >âètÉ´?ÔbdÛ£ñ?j"<¼þð?{öä?ÔäQÆgFQË?T?¼3þ~l?ÿ½Q?5¦§fÈrgÛ!f±Ô
?xÀP:èÌðܼ?Lþ¯?5WZ·ÿÎù=·,¶öTÝÈç:M®L?·\?´· =Ê"4®~;hfDçNFS?3`÷?¾S7sCó2ÃSïÛªþtNiÇk?`?ÞÄÇ ßá2®Ì?;Qx?g?î=Vþ Ðió%&k3m÷nGúsCå~¥f±)|2?cU?Ä
Á?T0¬Ó}7§ë]:l5\ÛA×Ú©I ßØ?? ?b?µfÏ%?Í?¸±?¤9Ù?ëL?|ók©^?̸gâèÌ[?ÓL³í[ÿÞås¬#;-¿5Ut IØIX?6æQ?ó&}M¼ÉìC&пA_@©DDô?çW??PWT¨>ýtc/±Pe æXB.CL´ð%GYú?Ô&FJP²Þ¾x·ügáÉW?cÖébºÖ_U.ê\Æ(%9¸+©òL??
Rõíï/?£B0@0USy¿Zª+JÏT?áØ?Àò²fË0Uÿ0Uÿ
0ÿ0
 *?H?÷
 ?\Ô|
Ï÷}A?e sÅR?ËøÏ?ÚC??UW?ñR<'??(í:7¢vüSPÀ??ÆkNº?!O¢?Ub?óiؼ?ãĪ ýï¨éKU* mUx)î_0\K$Uÿ$?n^*+î M?÷8??C û`©î«? ?^§?jYm??ûÈÑE¯ds(.Åâ$NüXìðôEþ"³ë/?ÒÙEaÁ?o¨vr??6¯¿
Îqæ¦ol¦qbÅØÐ?r ñg? ?Lr4ß¼ÕqߪqÝá¹l?<]eÚ½W¶CkÿåÞMfQÏ?®ì¶èq??ÞIþÝ5q¢'?Ïaã&»o£g%!]æÝ .
h;?¯ì?g?Ô?Qt±¹???ÿx\yJ`.?@®L7*,ÉÇbÈ]÷6[Êà%%´Ý?w?ÐÜÕì=Ôú»?Ì?Öo©-ß
¹÷õ??µ5ÚÃg°?J©(?#?ÿ\'ká°Oóî.ÔY?ËRA?êôG×îdAU|Y?ÝbÂ¹îZ(t?¥?·Ç ßõ?6t2Ö(Á°° à?LÃÖüãiµGF/¢?«ÓcDpčÿ-3º­{µp?®>Ï@(ØüȐ»]?"õRæXÅ?1Cî?
×Æ?<Cj§Þ}=ñbùʐ¨ý0?0?ë ?½4òºRüÓ
W£á¾d0
 *?H?÷

0?1 0 UUS10U
New Jersey10U Jersey City10U
The USERTRUST Network1.0,U%USERTrust RSA Certification Authority0
140919000000Z
240918235959Z0?1 0 UUS1 0 UMI10U Ann Arbor10U
 Internet210U InCommon1200U)InCommon RSA Standard Assurance Client CA0?"0
 *?H?÷
?0?
??þÊ[wwÆì?ûçY?U­Àê?±è&+6 ¢ñ/L:Y@?«?ò@)@%?r)x?j|·dÿüPÛ¨ ÆçÆhG?Ù?ìÝ4?¸d?õÒ&ÙsÔL¦à# n>üú?Õäþ¤¥Fyeå=nè¶N~?áëôfªuÑÛ?náª?òL??^úå iì?Ö`ø¨m?s?§Â{Òñ??ûzc©?¨fºµý³-ÒüË????4½W]
u?f??¼?ѺÁl¸}ëF?uhý°?ø¾³íY?2·q@Uwr¥/7I?+«?ÞìÙM?½^_®3?¿4%Ñb¬5ñ???ÃÛ
§£?d0?`0U#0?Sy¿Zª+JÏT?áØ?Àò²fË0U}îqÐë©amf?­+
â1Û¼0Uÿ?0Uÿ0ÿ0U%0++0
U 
00U 0PUI0G0E C A??http://crl.usertrust.com/USERTrustRSACertificationAut
hority.crl0v+j0h0?+0?3http://crt.usertrust.com/USERTru
stRSAAddTrustCA.crt0%+0?http://ocsp.usertrust.com0
 *?H?÷

?vÓ§Ä?µä½µ?]­?·ÕJÔ?ÿ?DßERNC{?}i<Ó<?¦!é}Ñ?d¶²¸çý9??«?kÅ{Ü?­Tðf£é?2Ïq
±©BÁ-m&>JÊ?Rcõ }r|?"¬ty ð?BX?2 XÞ1=l?TÓr hÊîl@ T0oo5d>ñËi|{såT?î=¯é»{ì´?PBJà.Ø?§¢JéW
ó?c??v?8¯-Ë wôó?maòÝ?-Hð ?D|dÉf?Þhªhé@*DË1??ªjOØÒ?«o4?Æ*ßÞÔ¦jW?áN?¤ Ma±Æ wÐÔ?^r?·! QCd UQóÉß ùL0_ܳ#
ç8)£W¥?øT??g@nàÀµãèk?î'ÌËj,ýÖÃÆ{w,ªq.R¨úC»­[?­}Ê-É?aÊ?þäÿ©?P ŵ®áD¸
Ê,ç«W0åXnõØ?Oâ3ê"ÔT²L?£¨_PÃ?KÆc)£³?È?ÝrKÔî?åZq&?JÞ¸¸5¥Aîáø`¦|
Þýõ¼?åÉ£Ki¿ðJvf£?¹??i]Ù±?¢Ù? ù?ëÙ³.Ç?pö??ìH»¬.
2EÍ`ªfì#ä?QÅ>³tÝÔ¸7?aÙ?×[ ?-yNy}fYô§Þ
ã?s1?&0?"0?0?1 0 UUS1 0 UMI10U Ann Arbor10U
 Internet210U InCommon1200U)InCommon RSA Standard Assurance Client CAÅ·?õe 0¡ é96Ka¹0 + ?[0 *?H?÷
 1  *?H?÷
0 *?H?÷
 1
160330195046Z0# *?H?÷
 1ÒÈ=ó³R?ç°à1l·´nì¬0? *?H?÷
 1?0?0  `?He*0  `?He0
*?H?÷
0  `?He0*?H?÷
?0
*?H?÷
@0+0  `?He0  `?He0  `?He0° +?71¢0?0?1 0 UUS1 0 UMI10U Ann Arbor10U
 Internet210U InCommon1200U)InCommon RSA Standard Assurance Client CAÅ·?õe 0¡ é96Ka¹0² *?H?÷
  1¢ ?0?1 0 UUS1 0 UMI10U Ann Arbor10U
 Internet210U InCommon1200U)InCommon RSA Standard Assurance Client CAÅ·?õe 0¡ é96Ka¹0
 *?H?÷
?S?¬÷q"ë£ó|JÚô%Ï?L'Bá~¸½ÿ>Ì#? ~ôk>7zÞÅÉ¿°@Êí6Z?·cóÚN)È»µW?o:j?M,óh_¨È??Éòq0#»©=gÀ9¨=`\%§àEϧ?¿½
?¾?Ýb£P)04½½¶Zó"ß?"ákâï%?;ÝÜÚy9\)Nçkþ9ñ#M?U®=Ú?FpÑ
?£ß?FnT4:g¤½îF øåоRð?>4?¯lçwWô5ò#P?¶Kï$bq´ç ÕùN( 
ê[¶*?G  ½oò"_*קrjáÓ¹<?òë%øö¥;
å

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus