Vulnerability Bulletins |
Desbordamiento de búfer en Cisco Security Agent para Windows |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Obtener acceso |
Dificulty | Experto |
Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
Property | Value |
Affected manufacturer | Networking |
Affected software | Cisco Security Agent for Windows |
Description |
|
Se ha encontrado una vulnerabilidad del tipo desbordamiento de búfer en Cisco Security Agent. La vulnerabilidad reside en la forma en que manipula segmentos TCP destinados a los puertos 139 y 445. Un atacante remoto con una sesión TCP establecida podría ejecutar código arbitrario con privilegios administrativos o causar una denegación de servicio del sistema Windows |
|
Solution |
|
Actualización de software Cisco Managed Cisco Security Agents 4.5.1 / Hotfix 4.5.1.672 Managed Cisco Security Agents 5.0 / Hotfix 5.0.0.225 Managed Cisco Security Agents 5.1 / Hotfix 5.1.0.106 Managed Cisco Security Agents 5.2 / Hotfix 5.2.0.238 http://www.cisco.com/pcgi-bin/tablebuild.pl/csahf-crypto?psrtdcat20e2 Cisco Security Agent for Cisco IP Communications Products 4.5.1 / CUCM-CSA-4.5.1.672-2.0.7-k9.exe Cisco Security Agent for Cisco IP Communications Products 5.0 / CUCM-CSA-5.0.0.225-3.0.7-k9.exe http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des?psrtdcat20e2 Cisco Security Agent for Cisco Security Manager / Hotfix fcs-csamc-hotfix-5.2.0.238-w2k3-k9-CSM.zip http://www.cisco.com/pcgi-bin/tablebuild.pl/csm-app?psrtdcat20e2 |
|
Standar resources |
|
Property | Value |
CVE | CVE-2007-5580 |
BID | |
Other resources |
|
Cisco Security Advisory (cisco-sa-20071205-csa) http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2007-12-07 |