Cisco Wide Area Application Services (WAAS) Edge Services CIFS Optimisation SYN Flood DoS

2007-07-18T18:11:28
ID OSVDB:36120
Type osvdb
Reporter OSVDB
Modified 2007-07-18T18:11:28

Description

Vulnerability Description

Wide Area Application Services (WAAS) contains a flaw that may allow a remote denial of service. The issue is triggered when a flood of SYN packets is received on ports 139 or 445, and will result in loss of availability for the platform.

Solution Description

Upgrade to version 4.0.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Wide Area Application Services (WAAS) contains a flaw that may allow a remote denial of service. The issue is triggered when a flood of SYN packets is received on ports 139 or 445, and will result in loss of availability for the platform.

References:

Vendor Specific Advisory URL Security Tracker: 1018416 Secunia Advisory ID:26122 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0188.html Keyword: TCP port 139 Keyword: TCP port 445 ISS X-Force ID: 35477 FrSIRT Advisory: ADV-2007-2572 CVE-2007-3923 Bugtraq ID: 24956