Cisco fixes 'decoy attack' in security software
CSA pop-up bug
Cisco has discovered a security flaw in its Cisco Security Agent software (CSA). This could be exploited by attackers to circumvent the security provided by the host-based intrusion prevention product. The network giant has issued a patch to fix the vulnerability.
A flaw in the function that detects buffer overflow attacks means the second of two closely spaced attacks might avoid detection. The system under attack must contain an unpatched underlying vulnerability in system software that CSA is configured to protect.
This is a subtle attack that is probably beyond the scope of most s'kiddies. But it poses a real danger: the vulnerability has been discussed in underground hacker forums, according to Cisco.
It advises users of potentially vulnerable systems to upgrade to version 220.127.116.118 or later of CSA, as explained here. As a workaround, customers can disable user interaction in CSA. ®