Cisco IOS Long HTTP GET Request Overflow

2003-07-31T04:51:51
ID OSVDB:2342
Type osvdb
Reporter OSVDB
Modified 2003-07-31T04:51:51

Description

Vulnerability Description

A remote overflow exists in Cisco IOS. The built-in web server fails to handle very large GET requests, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code to execute, resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Upgrade to the version recommended in the Cisco product matrix, as it has been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 9397
Generic Exploit URL: http://archives.neohapsis.com/archives/bugtraq/2003-08/0094.html
CVE-2003-0647
CERT VU: 579324
Bugtraq ID: 8373