cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
600
Views
0
Helpful
5
Replies

WAAS - CVE-2008-5077 - OpenSSL Security Advisory

Paul Pinto
Level 1
Level 1

Hi,

I hope I am addressing this question to the right forum.

We have many customers who have a concern regarding this advisory. It refers to OpenSSL 0.9.8 being the affected version and 0.9.8j being the version that contains the patch for the vulnerability.

We have customers running versions 4.0.19 and 4.1.1c.

My question is, are these customers at risk? If so, when will a release be made available to rectify this?

Thanks

Paul

1 Accepted Solution

Accepted Solutions

It should be available next month.

Thanks,

Dan

View solution in original post

5 Replies 5

htarra
Level 4
Level 4

This condition may occur if a device running WAAS software is configured for Edge Services, which utilizes Common Internet File System (CIFS) optimization and receives a flood of TCP SYN packets on port 139 or 445.

Cisco has made free software available to address this vulnerability for affected customers. Workarounds are available to mitigate the effects of this vulnerability.

dstolt
Cisco Employee
Cisco Employee

Paul,

I have found a DDTS for patching this (CSCsx25549) which will be integrated in release 4.1.3. However, in versions 4.0.19 and 4.1.1c we do not have an AO to accelerate any SSL connections except with TFO, so customer will not be exposed. However in release 4.1.3, we will enable an SSL accelerator, so they are patching for CVE-2008-5077 as appropriate.

Hope that helps,

Dan

Dan,

Thanks very much for the response. Would it be possible to get the details of CSCsx25549 for my record, and curiosity, purposes? Probably pushing my luck, but...

Thanks again for the response.

Paul.

It should be available next month.

Thanks,

Dan

Ok. Will keep an eye out for it.

Thanks Dan.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: