Cisco Security Appliances at Risk

Tuesday, January 31, 2012 @ 03:01 PM gHale


There is a vulnerability in Cisco’s telnet server used in its IronPort Email Security Appliances (ESA) and IronPort Security Management Appliances (SMA) monitoring solutions, company officials said.

An attacker could exploit the vulnerability to remotely execute code on a system by sending a specially crafted command to the telnet daemon (telnetd).

A buffer overflow in the encrypt_keyid() function causes the server to execute the injected code with system privileges. Cisco has yet to provide a patch.

Users who wish to protect their systems from compromise need to deactivate the Telnet server. Instructions are in the advisory.

The vulnerability in telnetd first became public knowledge in mid-December in connection with FreeBSD. Shortly thereafter it became clear the vulnerability could also be exploited on Linux.

Updates are available for distributions including Red Hat and Debian. Kerberos 5 (krb5-appl) up to and including version 1.0.2 and Heimdal up to and including version 1.5.1 are also affected. The vulnerability is already being exploited, and an exploit is freely available.


