vulnerability: Cisco Email Security Appliance DNS SPF Packet Processing Flaw Lets Remote Users Bypass the Anti-Spam Function

Reliability is your mission. It's ours too. Deliver operations visibility and improved resolution times with PagerDuty. Sign up for a free trial.

From our sponsors

1 Full Text Parser copy

This module replaces the description field of a feed to the page it links to (in addition, it wipes out the content:encoded field), so you can get its full text.

Cisco Email Security Appliance DNS SPF Packet Processing Flaw Lets Remote Users Bypass the Anti-Spam Function
6/15/2015 12:00:00 AM

Cisco Email Security Appliance DNS SPF Packet Processing Flaw Lets Remote Users Bypass the Anti-Spam Function

SecurityTracker Alert ID: 1032582

SecurityTracker URL: http://securitytracker.com/id/1032582

CVE Reference: CVE-2015-4184 (Links to External Site)

Date: Jun 15 2015

Impact: Host/resource access via network

Vendor Confirmed: Yes

Version(s): 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074; possibly other versions

Description: A vulnerability was reported in Cisco Email Security Appliance. A remote user can bypass the anti-spam function on the target system.

A remote user can send a specially crafted DNS Sender Policy Framework (SPF) text record to the target device to bypass the anti-spam function.

The vendor has assigned bug IDs CSCuu35853 and CSCuu37733 to this vulnerability.

Impact: A remote user can bypass the anti-spam function on the target system.

Solution: No solution was available at the time of this entry.

The vendor's advisory is available at:

http://tools.cisco.com/security/center/viewAlert.x?alertId=39339

Vendor URL: tools.cisco.com/security/center/viewAlert.x?alertId=39339 (Links to External Site)

Cause: Access control error, Input validation error

Underlying OS:

Message History: None.

You are receiving this email because you subscribed to this feed at feedmyinbox.com

If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions