Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2004-1112
Last Modified 05 Sep 2008 04:40:25
Published 10 Jan 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2004-1112

Summary

The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.

Vulnerable Systems

Application

  • Cisco Security Agent 3

  • Cisco Security Agent 4.0

  • Cisco Security Agent 4.0.1

  • Cisco Security Agent 4.0.2

  • Cisco Security Agent 4.0.3

  • Okena Stormwatch 3.x


References

XF - csa-buffer-protection-bypass(18037)

BID - 11659

CISCO - 20041111 Crafted Timed Attack Evades Cisco Security Agent Protections

CIAC - P-036


Last Updated: 27 May 2016 10:38:54