Cisco Bug: CSCzv38297 - [ESA] FreeBSD -- glob(3) related resource exhaustion

Last Modified

Mar 12, 2019

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

7.6.1-022 8.0.0-000 8.0.1-000 8.0.2-000

Description (partial)

Cisco IronPort Email Security Appliance includes a version of FreeBSD's libc that is affected by the vulnerabilities identified by the following
Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2010-2632: An issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory
consumption) via crafted glob expressions that do not match any pathnames. This has been classified by the vendor as having a CVSSv2 score of 7.8.

This bug was opened to address the potential impact on this product.

Running a version of the software prior to the Known Fixed Releases.
