Information Security all in one place!

Cisco Security Appliances at risk from Telnet bug

Cisco has warned of a vulnerability in the telnet server used in its IronPort Email Security Appliances (ESA) and IronPort Security Management Appliances (SMA) monitoring solutions. The vulnerability could be exploited by an attacker to remotely execute code on a system by sending a specially crafted command to the telnet daemon (telnetd).

Cisco Systems Logo

Image via Wikipedia

A buffer overflow in the encrypt_keyid() function causes the server to execute the injected code with system privileges. Cisco has yet to provide its customers with a patch. Users who wish to prevent their systems from being compromised need to deactivate the Telnet server – instructions for doing so can be found in the advisory.

The vulnerability in telnetd was first described in mid-December of last year in connection with FreeBSD. Shortly thereafter it became clear that the vulnerability could also be exploited under Linux. Few systems are likely to still be running telnet servers, however.

Updates are available for many distributions, including Red Hat and Debian. Kerberos 5 (krb5-appl) up to and including version 1.0.2 and Heimdal up to and including version 1.5.1 are also affected. The vulnerability is already being actively exploited and an exploit for the vulnerability is freely available.

See also:


One response

  1. Pingback: Yahoo! Messenger v11.5 – Buffer Overflow Vulnerability «

Let's hear what you have to say.

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s