TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products

http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml

Related to CVE-2008-4609 (SA1180), Cisco has reported on which versions
of their Software is vulnerable to this TCP State Manipulation DoS.

This vulnerability could lead to resource exhaustion on Cisco products,
requiring them to be rebooted in order to continue service. These
products are affected.

Cisco IOS Software
Cisco IOS-XE Software
Cisco CatOS Software
Cisco Adaptive Security Appliance (ASA) and Cisco PIX
Cisco NX-OS Software

It is important to note that "[n]etwork devices are not directly
impacted by TCP state manipulation DoS attacks transiting a device;
however, network devices that maintain the state of TCP connections may
be impacted."

This means that only devices that can be connected to TCP ports directly
are vulnerable. With proper ACLs, this issue can be contained to a
small subset of network addresses.

Thanks,
ep