Cisco IOS Firewall Authentication Proxy Buffer Overflow Vulnerability

2005-09-07T00:00:00
ID SMNTC-14770
Type symantec
Reporter Symantec Security Response
Modified 2005-09-07T00:00:00

Description

Cisco IOS Firewall Authentication Proxy is prone to a buffer overflow condition. Successful exploitation of this issue could cause a denial of service or potentially allow execution of arbitrary code. This issue affects the FTP and Telnet protocols, but not HTTP.

Technologies Affected

  • Cisco IOS 12.2SEC
  • Cisco IOS 12.2SG
  • Cisco IOS 12.2SH
  • Cisco IOS 12.2SXF
  • Cisco IOS 12.2ZF
  • Cisco IOS 12.2ZH
  • Cisco IOS 12.2ZL
  • Cisco IOS 12.3
  • Cisco IOS 12.3(10d)
  • Cisco IOS 12.3(12b)
  • Cisco IOS 12.3(13a)
  • Cisco IOS 12.3(3h)
  • Cisco IOS 12.3(5e)
  • Cisco IOS 12.3(6e)
  • Cisco IOS 12.3(9d)
  • Cisco IOS 12.3B
  • Cisco IOS 12.3BC
  • Cisco IOS 12.3BW
  • Cisco IOS 12.3JA
  • Cisco IOS 12.3JK
  • Cisco IOS 12.3T
  • Cisco IOS 12.3XA
  • Cisco IOS 12.3XB
  • Cisco IOS 12.3XC
  • Cisco IOS 12.3XD
  • Cisco IOS 12.3XE
  • Cisco IOS 12.3XF
  • Cisco IOS 12.3XG
  • Cisco IOS 12.3XH
  • Cisco IOS 12.3XI
  • Cisco IOS 12.3XJ
  • Cisco IOS 12.3XK
  • Cisco IOS 12.3XL
  • Cisco IOS 12.3XM
  • Cisco IOS 12.3XQ
  • Cisco IOS 12.3XR
  • Cisco IOS 12.3XS
  • Cisco IOS 12.3XU
  • Cisco IOS 12.3XW
  • Cisco IOS 12.3XY
  • Cisco IOS 12.3YA
  • Cisco IOS 12.3YD
  • Cisco IOS 12.3YF
  • Cisco IOS 12.3YG
  • Cisco IOS 12.3YI
  • Cisco IOS 12.3YJ
  • Cisco IOS 12.3YK
  • Cisco IOS 12.3YQ
  • Cisco IOS 12.3YS
  • Cisco IOS 12.3YT
  • Cisco IOS 12.3YU
  • Cisco IOS 12.3YW
  • Cisco IOS 12.4
  • Cisco IOS 12.4MR
  • Cisco IOS 12.4T

Recommendations

Block external access at the network boundary, unless external parties require service.
To exploit this vulnerability, an attacker must be able to establish a TCP connection to the affected device. Block external access to the device if possible. Only allow connections from trusted hosts and networks.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Intrusion detection systems may detect attempts to exploit this and other latent vulnerabilities across the network. Examine IDS logs regularly for signs of attempted exploitation.

Cisco has released a security advisory and fixes to address this issue. Please see the referenced advisory for information on obtaining firmware updates from Cisco. Cisco has updated advisory 66269 to indicate that IOS 12.2ZH is not vulnerable to this issue and that IOS 12.2SH and 12.2ZF versions are affected.