---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Cisco IOS Authentication Proxy for FTP/Telnet Buffer Overflow SECUNIA ADVISORY ID: SA16719 VERIFY ADVISORY: http://secunia.com/advisories/16719/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From local network OPERATING SYSTEM: Cisco IOS 12.x http://secunia.com/product/182/ Cisco IOS R12.x http://secunia.com/product/50/ DESCRIPTION: A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due to a boundary error when the Authentication Proxy FTP/Telnet is processing user authentication credentials. This can be exploited to cause a buffer overflow. Successful exploitation causes a reload of the device and may allow arbitrary code execution, but requires that Authentication Proxy for FTP and/or Telnet Sessions is configured and applied to an active interface. The vulnerability is reported in the following versions: * 12.2ZH and 12.2ZL based trains * 12.3 based trains * 12.3T based trains * 12.4 based trains * 12.4T based trains SOLUTION: Fixes are available (see patch matrix in vendor advisory). http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml#software PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml OTHER REFERENCES: US-CERT VU#236045: http://www.kb.cert.org/vuls/id/236045 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------