Cisco identified five flaws, all of which are independent of one another.
An attacker who successfully exploits four of the new issues -- an erroneous SIP processing vulnerability, an IPSec client authentication processing vulnerability, an SSL VPN memory leak vulnerability or an SSL VPN URI processing error vulnerability -- can trigger a device reboot. An attacker who repeatedly causes a device to reboot can effect a DoS attack, Cisco warned.
The information disclosure vulnerability stems from a flaw in the way in which the affected Cisco devices handle clientless SSL VPN sessions. An attacker who successfully exploits this vulnerability could obtain user and group credentials, assuming that he or she somehow turns up a "rogue system or document."
The vulnerabilities were privately reported by customers, according to Cisco.
Cisco has released software updates for both its ASA and PIX platforms.
Cisco and HP Partner for UC
GLSA 200808-12 Postfix: Local privilege escalation vulnerability
