Cisco Security Agent (CSA) IP packet denial of service
| csa-ip-dos (21344) |  Low Risk |
Description:
Cisco Security Agent (CSA) provides server and desktop security for Microsoft Windows and Solaris platforms. CSA version 4.5 when running on Microsoft Windows, with the exception of Windows XP, is vulnerable to a denial of service attack. A malicious attacker could repeatedly send a specially-crafted IP packet to the Windows workstation or server to cause the device to crash or reload. The device must be restarted to regain normal functionality.
Platforms Affected:
- Cisco, Security Agent 4.5
Remedy:
Upgrade to the latest version of Cisco Security Agent (4.5.1.616, 4.5.0.573 hotfix or later), as listed in Cisco Security Advisory 2005 July 13 1600 UTC (GMT).
Consequences:
Denial of Service
References:
- Cisco Security Advisory 2005 July 13 1600 UTC (GMT), Cisco Security Agent Vulnerable to Crafted IP Attack at http://www.cisco.com/warp/public/707/cisco-sa-20050713-csa.shtml.
- Cisco Systems, Inc. Web site, Cisco Security Agent at http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_data_sheet09186a008033a40f.html.
- BID-14247: Cisco Security Agent Crafted IP Packet Denial Of Service Vulnerability
- CVE-2005-2280: Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a denial of service (system crash) via a crafted IP packet.
Reported:
Jul 13, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net