Advisory Released About Cisco Security Agent Vulnerabilities for Windows

On December 5, 2007, Cisco issued alerts regarding bugs in CiscoWorks Server and Cisco Security Agent for Microsoft Windows.

The bug exists in a driver utilized by the client software. By transmitting offensively created information to the computer, hackers could develop a buffer overflow situation due to infection in the core memory of Windows, resulting in the computer to break down.

The recently issued Cisco advisory discussed a buffer overflow flaw in the Cisco Security Agent (CSA) for Microsoft Windows, resulting in a likely remote exploitation of this flaw, stated Internet Storm Center's handler Daniel Wesemann in a web post, InformationWeek on December 6, 2007. CSA is a 'private firewall' type of ware, that's often installed as security against precisely the kind of risk that the component itself is presently exposed to.

Though the leading security company Secunia ranked the vulnerability as "fairly critical", but Cisco cautioned that hackers could exploit the flaw to run malware on the Windows PC. The flaw was discovered in all variants of Cisco Security Agent for Microsoft Windows (irrespective of whether managed or unmanaged).

Chief of Qualys vulnerability research lab, Amol Sarwate, pointed the Security Agent vulnerability since a hacker does not require user interface to corrupt a computer, as reported on December 6, 2007 by SCMAGAZINE. This is known as an old school flaw where a hacker can transmit data packets from afar, initiating a stop error in Windows holding that specific drive or to execute an arbitrary (executable) code. He added that it had been allotted the security rank of 10.

Wesemann remarks that in 2004, this kind of a flaw would in all probability cause a wave of worms, but today, random spyware deployment is a probable result. The end result is still unchanged: in case the infected part is being used, then its better to fix it immediately, he maintained.

All through the attack, malware is implanted within a URL and linked to a failed login effort or reload, indicated Cisco's warning.

A hacker could utilize social engineering to persuade an innocent user to pursue a vicious link, stated Cisco, which urged users to fix both vulnerabilities.

Cisco also alerted about a flaw in CiscoWorks Common Services, which can be targeted by cross-site scripting (XSS) strikes from the CiscoWorks Server access page while using the OS Windows or Solaris.

» SPAMfighter News - 12/18/2007