Cisco removes vulnerabilities in its Global Site Selector
Cisco has pointed out a weakness in its Application Control Engine Global Site Selector (GSS ACE). A sequence of specific DNS requests can be used to crash the DNS service, making it unavailable to other users. Repeated use of the sequence can result in a denial of service.
All versions of the software prior to version 3.0(1) are affected. According to Cisco's advisory, however, a device that has been configured with Cisco Network Registrar (CNR) is not vulnerable. The advisory lists the Cisco GSS 4480, GSS 4490, GSS 4491 and GSS 4492R as vulnerable. The problem is fixed in version 3.0(1), but Cisco recommends updating to the already available 3.0(2) (link is to Cisco log in).
See Also:
- Cisco Global Site Selector Appliances DNS Vulnerability, Cisco advisory
(djwm)