Cisco Support Community
New Member

WAAS - CVE-2008-5077 - OpenSSL Security Advisory

Hi,

I hope I am addressing this question to the right forum.

We have many customers who have a concern regarding this advisory. It refers to OpenSSL 0.9.8 being the affected version and 0.9.8j being the version that contains the patch for the vulnerability.

We have customers running versions 4.0.19 and 4.1.1c.

My question is, are these customers at risk? If so, when will a release be made available to rectify this?

Thanks

Paul

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: WAAS - CVE-2008-5077 - OpenSSL Security Advisory

It should be available next month.

Thanks,

Dan

5 REPLIES
Bronze

Re: WAAS - CVE-2008-5077 - OpenSSL Security Advisory

This condition may occur if a device running WAAS software is configured for Edge Services, which utilizes Common Internet File System (CIFS) optimization and receives a flood of TCP SYN packets on port 139 or 445.

Cisco has made free software available to address this vulnerability for affected customers. Workarounds are available to mitigate the effects of this vulnerability.

Cisco Employee

Re: WAAS - CVE-2008-5077 - OpenSSL Security Advisory

Paul,

I have found a DDTS for patching this (CSCsx25549) which will be integrated in release 4.1.3. However, in versions 4.0.19 and 4.1.1c we do not have an AO to accelerate any SSL connections except with TFO, so customers will not be exposed. However, in release 4.1.3, we will enable an SSL accelerator, so they are patching for CVE-2008-5077 as appropriate.

Hope that helps,

Dan

New Member

Re: WAAS - CVE-2008-5077 - OpenSSL Security Advisory

Dan,

Thanks very much for the response. Would it be possible to get the details of CSCsx25549 for my record, and curiosity, purposes? Probably pushing my luck, but...

Thanks again for the response.

Paul.

Cisco Employee

Re: WAAS - CVE-2008-5077 - OpenSSL Security Advisory

It should be available next month.

Thanks,

Dan

New Member

Re: WAAS - CVE-2008-5077 - OpenSSL Security Advisory

Ok. Will keep an eye out for it.

Thanks Dan.
