{"vuid":"VU#236045","idnumber":"236045","name":"Cisco IOS Firewall Authentication Proxy vulnerable to buffer overflow via specially crafted user authentication credentials","keywords":["Cisco","IOS Firewall Authentication Proxy","buffer overflow","DoS","denial of service","remote code execution","user authentication credentials","ftp","telnet"],"overview":"A buffer overflow vulnerability in Cisco IOS Firewall Authentication Proxy may allow a remote unauthenticated attacker to execute arbitrary code or cause a denial of service.","clean_desc":"Cisco IOS Firewall Authentication Proxy is a feature that allows network administrators to apply security policies on a per-user basis. The Firewall Authentication Proxy for FTP and Telnet Sessions feature for Cisco IOS provides proxy authentication for FTP and Telnet services. Cisco IOS is vulnerable to a buffer overflow when processing user authentication credentials from an Authentication Proxy Telnet or FTP session. According to the Cisco Security Advisory, the following versions of Cisco IOS are affected: 12.2ZH and 12.2ZL based trains\n12.3 based trains\n12.3T based trains\n12.4 based trains\n12.4T based trains","impact":"A remote unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition on an affected system.","resolution":"Apply a patch or upgrade\nPlease refer to the \"Software Versions and Fixes\" section of the Cisco Security Advisory for more information on upgrading.","workarounds":"Disable Cisco IOS Firewall Authentication Proxy feature for Telnet/FTP sessions Disabling the Cisco IOS Firewall Authentication Proxy feature for Telnet/FTP sessions is reported to prevent exploitation of this vulnerability. Please see the \"Workarounds\" section of the Cisco Security Advisory.","sysaffected":"","thanks":"Thanks to Cisco Systems Product Security Incident Response Team for reporting this vulnerability.","author":"This document was written by Will Dormann, based on the Cisco Security Advisory.","public":["http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml","http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/iosfw2/iosfw2_1.htm","http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123_1/ftp_tel.htm","http://xforce.iss.net/xforce/xfdb/22174","http://www.securityfocus.com/bid/14770","http://secunia.com/advisories/16719"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-09-07T17:33:25Z","publicdate":"2005-09-07T00:00:00Z","datefirstpublished":"2005-09-07T20:05:40Z","dateupdated":"2005-09-09T02:50:40Z","revision":14,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"17","cam_population":"15","cam_impact":"18","cam_easeofexploitation":"9","cam_attackeraccessrequired":"15","cam_scorecurrent":"21.87","cam_scorecurrentwidelyknown":"25.2871875","cam_scorecurrentwidelyknownexploited":"38.9559375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":21.87,"vulnote":null}