[原文]The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.
Cisco Security Agent contains a flaw that may allow a malicious user to bypass buffer overflow protection. The issue is triggered when an attacker sends specially timed attacks. It is possible that the flaw may allow the attacker to bypass protection and execute arbitrary code resulting in a loss of integrity.
Upgrade to version 4.0.3 (728) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.