In association with heise online

26 October 2006, 14:30

Cisco's Security Agent threatens system availability

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

It takes no more than a simple port scan to knock Cisco's Security Agent (CSA) for Linux off kilter to the point that the entire system freezes. CSA is intended to protect servers and desktops from attacks. According to the vendor's advisory, vulnerable versions of CSA are contained in Cisco Unified CallManager (CUCM) and in Cisco Unified Presence Server (CUPS). The Unified Call Management software is intended to replace traditional telephone equipment and provide company-wide telephony functionality.

Attackers could exploit the flaw to unleash denial of service attacks and disrupt or crash IP telephony over the network. Cisco reports that the port scan must in fact be executed with special options to provoke the flaw. When performed correctly, it causes CSA to draw upon all system resources. The company declines to elucidate just which options are necessary. CSA versions 4.5 and 5.0 for Linux are affected, and by extension Unified CallManager (CUCM) 5.0 through 5.0(4) and the Unified Presence Server (CUPS) 1.0 including 1.0(2). CSA 5.1 for Linux and the Windows and Solaris versions are not affected. A new version of CSA removes the vulnerability.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit