Vulnerability Note VU#236045

Cisco IOS Firewall Authentication Proxy vulnerable to buffer overflow via specially crafted user authentication credentials

Original Release date: 07 Sep 2005 | Last revised: 08 Sep 2005

Overview

A buffer overflow vulnerability in Cisco IOS Firewall Authentication Proxy may allow a remote unauthenticated attacker to execute arbitrary code or cause a denial of service.

Description

Cisco IOS Firewall Authentication Proxy is a feature that allows network administrators to apply security policies on a per-user basis. The Firewall Authentication Proxy for FTP and Telnet Sessions feature for Cisco IOS provides proxy authentication for FTP and Telnet services.

Cisco IOS is vulnerable to a buffer overflow when processing user authentication credentials from an Authentication Proxy Telnet or FTP session. According to the Cisco Security Advisory, the following versions of Cisco IOS are affected:

  • 12.2ZH and 12.2ZL based trains
  • 12.3 based trains
  • 12.3T based trains
  • 12.4 based trains
  • 12.4T based trains

Impact

A remote unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition on an affected system.

Solution

Apply a patch or upgrade
Please refer to the "Software Versions and Fixes" section of the Cisco Security Advisory for more information on upgrading.


Disable Cisco IOS Firewall Authentication Proxy feature for Telnet/FTP sessions

Disabling the Cisco IOS Firewall Authentication Proxy feature for Telnet/FTP sessions is reported to prevent exploitation of this vulnerability. Please see the "Workarounds" section of the Cisco Security Advisory.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Cisco Systems, Inc.Affected07 Sep 200507 Sep 2005
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Cisco Systems Product Security Incident Response Team for reporting this vulnerability.

This document was written by Will Dormann, based on the Cisco Security Advisory.

Other Information

  • CVE IDs: Unknown
  • Date Public: 07 Sep 2005
  • Date First Published: 07 Sep 2005
  • Date Last Updated: 08 Sep 2005
  • Severity Metric: 21.87
  • Document Revision: 12

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.