-
Cisco Security Agent (CSA) is a network security software agent that provides threat protection for server and desktop computing systems.
A malicious attacker may be able to send a crafted IP packet to a Windows workstation or server running CSA 4.5 which may cause the device to halt and/or reload.
Repeated exploitation will create a sustained DoS (denial of service).
Cisco has made free software available to address this vulnerability.
This vulnerability is documented in the Cisco Bug Toolkit as Bug ID CSCsa85175 (registered customers only) .
This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20050713-csa.
-
Vulnerable Products
Cisco CSA version 4.5 when running on any Microsoft Windows platforms except Windows XP.
Products Confirmed Not Vulnerable
The following products are confirmed not vulnerable:
- Cisco CSA 4.0 and earlier
- Cisco CSA while running on Solaris
- Cisco CSA while running on Linux
- Cisco CSA while running on Windows XP
No other Cisco products are currently known to be affected by vulnerability.
-
If a crafted IP packet with certain characteristics are sent to a Windows platform running CSA 4.5, Windows will halt with a blue screen and system crash.
When exploited, the affected machine will require a reboot to become operational again.
This vulnerability is documented in the Cisco Bug Toolkit as Bug ID CSCsa85175 ( registered customers only) .
-
There are no recommended workarounds for this vulnerability. Please see the Obtaining Fixed Software section for appropriate solutions to resolve this vulnerability.
-
This issue is fixed in CSA maintenance version 4.5.1.616 which is available for download at http://www.cisco.com/pcgi-bin/tablebuild.pl/csa.
This issue is also fixed with CSA hotfix version 4.5.0.573 or later which is available for download at http://www.cisco.com/pcgi-bin/tablebuild.pl/csahf-crypto.
A maintenance release is a scheduled revision of Cisco CSA that introduces new features or bug fixes, or both.
A hotfix is Cisco CSA update that delivers fixes on an accelerated schedule that introduce new bug fixes.
-
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.
Cisco would like to thank Ben Collins at InfoSec Research Labs for bringing this to our attention.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.