Vulnerabilities > CVE-2004-1112 - Buffer Overflow Protection Bypass vulnerability in Cisco Security Agent

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

cisco

okena

NVD

Published: 2005-01-10

Updated: 2017-07-11

Summary

The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Security Agent 3 Cisco Security Agent 4.0 Cisco Security Agent 4.0.1 Cisco Security Agent 4.0.2 Cisco Security Agent 4.0.3	5
Application	Okena Okena Stormwatch 3.X	1

References

http://www.ciac.org/ciac/bulletins/p-036.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml
http://www.securityfocus.com/bid/11659
https://exchange.xforce.ibmcloud.com/vulnerabilities/18037