Thread-topic: [SA17413] Cisco IOS System Timers Potential Arbitrary Code Execution
Vladimir, yes - Secunia said it more clearly (unfortunately, the bulletin
reached me after Cisco's).
>
>
> TITLE:
> Cisco IOS System Timers Potential Arbitrary Code Execution
>
> SECUNIA ADVISORY ID:
> SA17413
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/17413/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> Security Bypass
>
> WHERE:
> From remote
>
> OPERATING SYSTEM:
> Cisco IOS R12.x
> http://secunia.com/product/50/
> Cisco IOS R11.x
> http://secunia.com/product/53/
> Cisco IOS 12.x
> http://secunia.com/product/182/
> Cisco IOS 10.x
> http://secunia.com/product/184/
> Cisco IOS 11.x
> http://secunia.com/product/183/
>
> DESCRIPTION:
> A vulnerability has been reported in Cisco IOS, which potentially can
> be exploited by malicious people to bypass certain security
> restrictions.
>
> The vulnerability is caused due to an error in validating whether
> certain system memory has been corrupted by a heap-based buffer
> overflow before the internal operating system timers execute code
> from the affected memory area. This can potentially be exploited to
> execute arbitrary code in conjunction with some other heap-based
> buffer overflow vulnerability.
>
> The vulnerability has been reported to affect all Cisco products that
> run Cisco IOS Software.
>
> Note: The vendor has reported that the vulnerability was fixed as a
> result of continued research related to the demonstration of an
> exploit for the IPv6 vulnerability.
>
> For more information:
> SA16272
>
> SOLUTION:
> Fixes are available for IOS 12.0, 12.1, 12.2, 12.3 and 12.4 (see
> patch matrix in vendor advisory).
> http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml#software
>
> PROVIDED AND/OR DISCOVERED BY:
> Reported by vendor.
>
> ORIGINAL ADVISORY:
> http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml
>
> OTHER REFERENCES:
> SA16272:
> http://secunia.com/advisories/16272/
>
> ----------------------------------------------------------------------
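The class of check the advisory describes (validating that a heap-resident timer record has not been corrupted before the timer subsystem dispatches its callback), as an added C illustration that is not Cisco's code: a hypothetical timer record carries a sentinel and a checksum over its callback and argument, and a constructed overrun from a neighbouring buffer is shown to be rejected rather than executed. The struct layout, TIMER_MAGIC and the checksum scheme are assumptions for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define TIMER_MAGIC 0x54494D52u /* constructed sentinel, not an IOS value */
typedef void (*timer_fn)(void *);
/* Hypothetical heap-resident timer record (layout is an assumption). */
struct timer {
    uint32_t magic;    /* sentinel that must survive intact */
    timer_fn callback; /* code the timer subsystem jumps to */
    void *arg;
    uint32_t check;    /* FNV-1a over callback and arg */
};
static uint32_t fnv1a(const void *p, size_t n) {
    const unsigned char *b = p;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= b[i]; h *= 16777619u; }
    return h;
}
static uint32_t timer_checksum(const struct timer *t) { /* callback..arg */
    return fnv1a(&t->callback,
                 offsetof(struct timer, check) - offsetof(struct timer, callback));
}
void timer_init(struct timer *t, timer_fn cb, void *arg) {
    memset(t, 0, sizeof *t); /* zero padding so the checksum is stable */
    t->magic = TIMER_MAGIC; t->callback = cb; t->arg = arg;
    t->check = timer_checksum(t);
}

/* The validation the advisory says was missing: refuse to dispatch a
 * record that no longer looks like one the subsystem created. */
int timer_valid(const struct timer *t) {
    return t->magic == TIMER_MAGIC && t->check == timer_checksum(t);
}

int timer_fire(struct timer *t) { /* 1 = dispatched, 0 = rejected */
    if (!timer_valid(t)) return 0;
    t->callback(t->arg);
    return 1;
}
static int fired;
static void tick(void *arg) { fired += *(int *)arg; }
struct block { char buf[16]; struct timer t; }; /* buffer beside a timer */

/* Returns 1 when the callback genuinely ran, 0 when the record was rejected. */
int demo(int overrun) {
    struct block blk; int one = 1; fired = 0;
    timer_init(&blk.t, tick, &one);
    if (overrun) /* constructed overrun reaching magic and callback */
        memset(&blk, 'A', offsetof(struct block, t) + offsetof(struct timer, arg));
    return timer_fire(&blk.t) ? fired : 0;
}
```

Without the sentinel and checksum, timer_fire would jump to whatever the overrun left in callback, which is the condition the advisory says the fix now detects.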