Cisco Cisco Email Security Appliance C680

This section describes the issues resolved in the Cisco IronPort AsyncOS 7.3.1 for 
Email release.

83262

Fixed: FreeBSD telnetd Remote Code Execution Vulnerability

This hot patch fixes a vulnerability in the Cisco IronPort Email Security appliance that 
could have allowed a remote, unauthenticated attacker to execute arbitrary code with 
elevated privileges.

For more information on the vulnerability, see the Cisco security advisory at 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2012
0126-ironport

75758, 75761

Fixed an issue where a FIPS-compliant Email Security appliance was only partially 
reset after the third failed login attempt from an SSH connection to the CLI and the 
appliance was not accessible by SSH or HTTPS. This issue has been resolved. Now, 
after the third failed login attempt in a row, the appliance deletes its certificates, resets 
the HSM card, and schedules a system reboot before closing the SSH connection.

81754

The DigiNotar blacklist solution added in the previous release contained a defect that 
resulted in the email process restarting or becoming unresponsive due to certain types 
of TLS traffic. This issue has been resolved and the email process errors no longer 
occurs.