Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA17413] Cisco IOS System Timers Potential Arbitrary Code Execution



,  - Secunia      ( ,  
    cisco-). 

> 
> 
> TITLE:
> Cisco IOS System Timers Potential Arbitrary Code Execution
> 
> SECUNIA ADVISORY ID:
> SA17413
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/17413/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> Security Bypass
> 
> WHERE:
> From remote
> 
> OPERATING SYSTEM:
> Cisco IOS R12.x
> http://secunia.com/product/50/
> Cisco IOS R11.x
> http://secunia.com/product/53/
> Cisco IOS 12.x
> http://secunia.com/product/182/
> Cisco IOS 10.x
> http://secunia.com/product/184/
> Cisco IOS 11.x
> http://secunia.com/product/183/
> 
> DESCRIPTION:
> A vulnerability has been reported in Cisco IOS, which potentially can
> be exploited by malicious people to bypass certain security
> restrictions.
> 
> The vulnerability is caused due to an error in validating whether
> certain system memory has been corrupted by a heap-based buffer
> overflow before the internal operating system timers execute code
> from the affected memory area. This can potentially be exploited to
> execute arbitrary code in conjunction with some other heap-based
> buffer overflow vulnerability.
> 
> The vulnerability has been reported to affect all Cisco products that
> run Cisco IOS Software.
> 
> Note: The vendor has reported that the vulnerability was fixed as a
> result of continued research related to the demonstration of an
> exploit for the IPv6 vulnerability.
> 
> For more information:
> SA16272
> 
> SOLUTION:
> Fixes are available for IOS 12.0, 12.1, 12.2, 12.3 and 12.4 (see
> patch matrix in vendor advisory).
> http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.
> shtml#software
> 
> PROVIDED AND/OR DISCOVERED BY:
> Reported by vendor.
> 
> ORIGINAL ADVISORY:
> http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml
> 
> OTHER REFERENCES:
> SA16272:
> http://secunia.com/advisories/16272/
> 
> ----------------------------------------------------------------------




 




Copyright © Lexa Software, 1996-2009.