Cisco CSA BoF advisory fits the pattern away from the OS and deeper into the kernel

In yesterday’s post, we noted that the SANS 2007 Top 20 list shows an obvious trend away from OS components targeted by network worms and towards third-party components.

Today’s Cisco Security Agent advisory is a casualty of that trend. CSA is Cisco’s host-based security product (it is installed on your system like any other piece of software), and it makes for a juicy remote exploit target because it’s remotely accessible. Unfortunately, this vulnerability also leads further down the path of complexity and into the kernel:
“A buffer overflow vulnerability exists in a system driver used by the Cisco Security Agent for Microsoft Windows. This buffer overflow can be exploited remotely and causes corruption of kernel memory, which leads to a Windows stop error (blue screen) or to arbitrary code execution.”
