OSVDB ID: 39521

Title: Cisco Security Agent for Microsoft Windows Crafted SMB Packet Remote Overflow

Info

Disclosure

Dec 05, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in Cisco Security Agent. The HIPS fails to properly bounds check user input to SMB resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Security Software

Solution

Cisco has released a patch to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s): -Filters that deny SMB protocol packets using TCP ports 139 and 445 should be deployed

Products

Cisco Systems, Inc.

Cisco Security Agent

5.1.79

References

Security Tracker: 1019046
CVE ID: 2007-5580 (see also: NVD)
Bugtraq ID: 26723
Secunia Advisory ID: 27947
VUPEN Advisory: ADV-2007-4103
Vendor Specific News/Changelog Entry: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsl00618
Vendor Specific Advisory URL: http://www.cisco.com/en/US/products/products_security_advisory09186a008090a434.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml
Other Advisory URL: http://www.nsfocus.com/english/homepage/research/0702.htm

Credit

Cisco Product Security Incident Response Team (PSIRT) - psirtcisco.com - Cisco Systems, Inc.

Direct URL: http://osvdb.org/39521