Wednesday, September 07, 2005

Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow

Via the Cisco web site.

The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition.

Devices that do not support, or are not configured for, Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.

Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.

Only devices running certain versions of Cisco IOS® are affected.

Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml.

Affected Products
Vulnerable Products
Devices that are running the following release trains of Cisco IOS are affected if Firewall Authentication Proxy for FTP and/or Telnet Sessions is configured and applied to an active interface.

12.2ZH and 12.2ZL based trains
12.3 based trains
12.3T based trains
12.4 based trains
12.4T based trains

To determine the software running on a Cisco product, log in to the device and issue the show version command to display the system banner. Cisco IOS software will identify itself as "Internetwork Operating System Software" or simply "IOS." On the next line of output, the image name will be displayed between parentheses, followed by "Version" and the Cisco IOS release name. Other Cisco devices will not have the show version command, or will give different output.

The following example identifies a Cisco 7200 router running Cisco IOS release 12.3(10a) with an installed image name of C7200-JK8O3S-M.
Router# show version
Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-JK8O3S-M), Version 12.3(10a), RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2004 by cisco Systems, Inc.

Additional information about Cisco IOS release naming can be found at http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_white_paper09186a008018305e.shtml.
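
The version check described above can be scripted for an inventory of collected show version output. The following Python is an added example, not part of the Cisco advisory: it parses the banner and flags releases whose train appears in the list above. The function name classify and the status strings are hypothetical, and treating every 12.3.x and 12.4.x release as a listed train is a simplifying assumption.

```python
import re

# Banner layout described above: image name in parentheses, then "Version"
# and the release name. "(tm)" is skipped because ", Version" does not follow it.
BANNER = re.compile(r"\((?P<image>[^()]+)\), Version (?P<release>[^,\s]+)")
# Release name: major.minor(maintenance[rebuild])[TRAIN][build], e.g. 12.3(8)T4
RELEASE = re.compile(
    r"(?P<major>\d+)\.(?P<minor>\d+)\((?P<maint>\d+)[a-z]*\)(?P<train>[A-Z]*)\d*[a-z]*$"
)

# The banner from the example above.
SAMPLE = """Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-JK8O3S-M), Version 12.3(10a), RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2004 by cisco Systems, Inc."""


def classify(show_version: str) -> dict:
    """Return image, release and a coarse status for one `show version` output."""
    banner = BANNER.search(show_version)
    if banner is None:
        return {"image": None, "release": None, "status": "unparsed"}
    result = {"image": banner["image"], "release": banner["release"]}
    rel = RELEASE.match(banner["release"])
    if rel is None:
        result["status"] = "unparsed"
        return result
    base = (int(rel["major"]), int(rel["minor"]))
    # Assumption: every 12.3.x / 12.4.x release counts as a 12.3, 12.3T,
    # 12.4 or 12.4T based train.
    if base in ((12, 3), (12, 4)):
        result["status"] = "listed-train"
    # 12.2 is listed only for the ZH and ZL trains.
    elif base == (12, 2) and rel["train"] in ("ZH", "ZL"):
        result["status"] = "listed-train"
    else:
        result["status"] = "not-listed"
    return result


if __name__ == "__main__":
    print(classify(SAMPLE))
```

A listed-train result only means the release belongs to an affected train; the device is affected only if Firewall Authentication Proxy for FTP and/or Telnet Sessions is also configured and applied to an active interface.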

Refer to the Details section for more information about affected and unaffected configurations.

Products Confirmed Not Vulnerable
Products that are not running Cisco IOS are not affected.

Products that are running Cisco IOS versions 12.2 and earlier (including 12.0S, but excluding 12.2ZH and 12.2ZL) are not affected.

Products that are running Cisco IOS are not affected unless they are configured for Firewall Authentication Proxy for FTP and/or Telnet Sessions.

Products that are running Cisco IOS XR are not affected.

No other Cisco products are currently known to be affected by this vulnerability.
