Cisco Security Advisory - A vulnerability in the Common Internet File System (CIFS) optimization feature of the Cisco Wide Area Application Service (WAAS) device could allow an unauthenticated, remote attacker to perform a resource consumption attack which, could result in a complete denial of service (DoS) condition. The vulnerability is due to insufficient flow handling of incoming CIFS traffic. An attacker could exploit this vulnerability by sending malicious traffic designed to trigger the vulnerability. An exploit could allow the attacker to cause a DoS condition by exhausting system buffering resources, resulting in a reload of the affected device.
2715d13cf76692d67920e23b151a377b19a7661e7d9c847e77de82e2caad3f1c-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Wide Area Application Service CIFS Denial of Service Vulnerability
Advisory ID: cisco-sa-20160127-waascifs
Revision 1.0
For Public Release 2016 January 27 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the Common Internet File System (CIFS) optimization
feature of the Cisco Wide Area Application Service (WAAS) device could
allow an unauthenticated, remote attacker to perform a resource
consumption attack which, could result in a complete denial of service
(DoS) condition.
The vulnerability is due to insufficient flow handling of incoming CIFS
traffic. An attacker could exploit this vulnerability by sending
malicious traffic designed to trigger the vulnerability. An exploit
could allow the attacker to cause a DoS condition by exhausting system
buffering resources, resulting in a reload of the affected device.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-waascifs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iQIVAwUBVqfRmq89gD3EAJB5AQJDDxAAn8gJTfbn8TEzTYDMNETTOy3xObGLUA6f
70wnslFvQz4hgV4J9Op6PC54PtEyuu9DE2w2cS2QfOGmIUN1zH1+/C7HSRCaS5xc
nYftgXwI/aW4bay9mUDi5ONiz/6akZrSQ9uJhsTvs+UWe0UmMy1UTeOUj738P8g4
pwjaMgSWoxp5uyHGfGg3fs5ZUIajb/VbpMMV55p3J267W/Hbq6JPOp7VkZ6IAF6p
q47BjgWzPLtTOTzlEce5U/QRrHD3nSCMp3o6jZEupJV+oX6UlrjFIEz/rYunlFDp
wzOsvl3qgzK4Nk9x3obmBbVCbYqJoRgEC8RBOHAFfs8cOrT3tKSTYhGdnfxt2+Nw
NbEV/6QoMDb6fQA45hTbL5wQxm4ZRkghMhynnfK4mZF6be/vySa5rywAOrTXmeqf
h2P7QxxcH2AW64nx8EN2sPnKQNVckwp6aOtAYAKsZGU3ig5OCNu6BzggVyvSrFHw
oD5UffKaWcmsKq7c+y3G8eyNep0wlmjZsai/TlrpKPMWyr5Tu/xD0SavJJXtu/o8
B+BF8xG8Fft60gE1hD6aWCYOna0MGYx6ElFIBxnOs69f7DREpvuEFunyUsrV0kL4
5+Zh1pL+G2thymron/FLZl98itQInoHhXCFlkjg3fz5CL/rZbeEkXNXDbK/Dh8ii
dc5T22b+OmA=
=76fK
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed