Cisco Flaw Opens Routers to Attack

Jack writes "Cisco is suffering from a serious flaw in its router operating system, which might allow execution of remote code: 'Cisco has warned of a new flaw in its IOS router operating system which might be used by attackers to launch denial of service attacks or take over IOS-based devices. The flaw causes to buffer overflow due to incorrect handling of user authentication credentials.'"

The Cisco Advisory

[MECC]

Here's a link to the cisco advisory
I noticed the linked article didn't have that link, and its viewable by the Internet public. Let's see how Cisco holds up to the mighty /. effect.

Affected Versions

[gulfan]

Affected versions include IOS 12.2ZH, IOS 12.2ZL, IOS 12.3, IOS 12.3T, IOS 12.4 and IOS 12.4T. IOS versions that are not vulnerable are IOS XR and IOS versions 12.2 and earlier, including 12.0S. This shouldn't be a problem for those Network Administrators that created access control lists for modifications for the router, however Cisco has issued a patch.

ip auth-proxy

[ctime]

The bug effects systems running ip auth-proxy , I feel bad for anyone that has to run it. I played with it a bit while experimenting wireless security schemes and I found it to be useless (to be fair it wasn't designed for it, either)

If you are someone you know are running any of the following versions of code, please think of the baby seals and upgrade. That is all.

Devices that are running the following release trains of Cisco IOS are affected if Firewall Authentication Proxy for FTP and/or Telnet Sessions is configured and applied to an active interface.
12.2ZH and 12.2ZL based trains 12.3 based trains 12.3T based trains 12.4 based trains 12.4T based trains

Re:defcon?

[MightyMartian]

There are no flaws in Cisco's IOS. If there was, no one would be allowed to talk about it, and anyone who did would be threatened and forced to recant. Thusly, there are no Cisco vulnerabilities. The Cisco Inquisition will take care of those who actually dare to question the sanctity of the Church of Cisco, and its most holy IOS. This whole topic is clearly in violation of that most sacred tenet, and thus the Cisco Inquisition has determined that Slashdot advocates heresy. It will be duly noted and CmdrTaco will be forced to recant the very existence of this topic.

Cisco IOS Firewall Authentication Proxy

[RaZ0r]

article text
Summary

The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition.

Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.

Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.

Only devices running certain versions of Cisco IOS® are affected.

Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.

This means that only equipment that is configured to act as an authenticatoin proxy for FTP and/or telent are affected.

I work with cisco equpment every day and this is not a normal service to have configured. This exploit probably isn't as big of a deal as its being made out to be. Just my 2 cents...

Details and Mike Lynn

[Effugas]

No. Mike's "first cut" was against the link-local IPv6 parser (a fact not disclosed publically by Mike, but by Cisco). Once in, he actually figured out how to execute arbitrary code -- something way harder than even Mike's slides describe.

He could get into pretty much any Cisco router w/ his attack, whereas this proxy attack isn't going to affect anything on the global net.