---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Cisco IOS Regular Expressions Denial of Service SECUNIA ADVISORY ID: SA26798 VERIFY ADVISORY: http://secunia.com/advisories/26798/ CRITICAL: Not critical IMPACT: DoS WHERE: Local system OPERATING SYSTEM: Cisco IOS 12.x http://secunia.com/product/182/ Cisco IOS R12.x http://secunia.com/product/50/ DESCRIPTION: A vulnerability has been reported in Cisco IOS, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling regular expressions containing repetition operators and pattern recalls. This can be exploited to cause a stack overflow by sending a command with specially crafted regular expressions to the command line interface. Successful exploitation causes the device to crash and requires a reboot, but requires valid user credentials. The vulnerability is reported in versions 12.0, 12.1, 12.2, 12.3, and 12.4. SOLUTION: Restrict access to trusted people only. PROVIDED AND/OR DISCOVERED BY: Sebastian Wiesinger ORIGINAL ADVISORY: http://www.cisco.com/en/US/products/products_security_response09186a00808bb91c.html OTHER REFERENCES: https://puck.nether.net/pipermail/cisco-nsp/2007-August/043002.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------