Cisco Bug: CSCzv38297 - [ESA] FreeBSD -- glob(3) related resource exhaustion

Last Modified

Mar 12, 2019

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

7.6.1-022 8.0.0-000 8.0.1-000 8.0.2-000

Description (partial)

Symptom:
Cisco IronPort Email Security Appliance includes a version of FreeBSD's libc that is affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2010-2632: An issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames. This has been classified by the vendor as having a CVSSv2 score of 7.8 (AV:N/AC:L/AU:N/C:N/I:N/A:C).


This bug was opened to address the potential impact on this product.

Conditions:
Running a version of the software prior to the Known Fixed Releases.

Related Community Discussions

ED Availability of AsyncOS 9.1.0-032 for ESA
Cisco is pleased to announce a new major release of AsyncOS 9.1.0 for Email. This release applies to all our Email Security Appliances (C-Series, X-Series, and virtual appliances) with 8GB of RAM, and the C170 appliance. Please note that the following hardware is NOT supported for this release: C160, C360, C660, and X1060. New Enhancements in AsyncOS 9.1.0 for Email File Analysis quarantine improvements: Messages can now be automatically released or deleted from the centralized File Analysis ...
Latest activity: Apr 30, 2015