SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Cisco Email Security Appliance Vendors:   Cisco
Cisco Email Security Appliance Advanced Malware Protection Bug in Processing UUencoded Files Lets Remote Users Cause the Target System to Crash
SecurityTracker Alert ID:  1037124
SecurityTracker URL:  http://securitytracker.com/id/1037124
CVE Reference:   CVE-2016-1486   (Links to External Site)
Date:  Oct 27 2016
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.7.1 and after
Description:   A vulnerability was reported in Cisco Email Security Appliance. A remote user can cause the target system to stop forwarding messages.

A remote user can send an email message with a specially crafted UUencoded file that, when scanned by the target system, will trigger a flaw in the Advanced Malware Protection (AMP) function and cause the mail handling process to restart and attempt to scan the file again.

The vendor has assigned bug ID CSCuy99453 to this vulnerability.

Impact:   A remote user can cause the target system to stop scanning and forwarding messages.
Solution:   The vendor has issued a fix (9.7.2-065, 10.0.0-203).

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2 (Links to External Site)
Cause:   State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC