OSVDB ID: 36120

Title: Cisco Wide Area Application Services (WAAS) Edge Services CIFS Optimisation SYN Flood DoS

Info

Disclosure

Jul 18, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Wide Area Application Services (WAAS) contains a flaw that may allow a remote denial of service. The issue is triggered when a flood of SYN packets is received on ports 139 or 445, and will result in loss of availability for the platform.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 4.0.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Cisco Systems, Inc.	Wide Area Application Services	4.0.7
		4.0.9

References

Security Tracker: 1018416
CVE ID: 2007-3923 (see also: NVD)
Bugtraq ID: 24956
Secunia Advisory ID: 26122
ISS X-Force ID: 35477
VUPEN Advisory: ADV-2007-2572
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0188.html
Vendor Specific Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20070718-waas.shtml
Keyword: TCP port 139 TCP port 445

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36120

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Cisco Systems, Inc.

Wide Area Application Services

References

Credit