Cisco's Security Agent threatens system availability
It takes no more than a simple port scan to knock Cisco's Security Agent (CSA) for Linux off kilter to the point that the entire system freezes. CSA is intended to protect servers and desktops from attacks. According to the vendor's advisory, vulnerable versions of CSA are contained in Cisco Unified CallManager (CUCM) and in Cisco Unified Presence Server (CUPS). The Unified Call Management software is intended to replace traditional telephone equipment and provide company-wide telephony functionality.
Attackers could exploit the flaw to unleash denial of service attacks and disrupt or crash IP telephony over the network. Cisco reports that the port scan must in fact be executed with special options to provoke the flaw. When performed correctly, it causes CSA to draw upon all system resources. The company declines to elucidate just which options are necessary. CSA versions 4.5 and 5.0 for Linux are affected, and by extension Unified CallManager (CUCM) 5.0 through 5.0(4) and the Unified Presence Server (CUPS) 1.0 including 1.0(2). CSA 5.1 for Linux and the Windows and Solaris versions are not affected. A new version of CSA removes the vulnerability.
- Cisco Security Agent for Linux Port Scan Denial of Service, advisory from Cisco