Cisco has issued yet another vulnerability alert for its IOS software. This one involves the Firewall Authentication Proxy for FTP and Telnet Sessions feature in specific versions of the Cisco software.
The feature is vulnerable to a remotely exploitable buffer-overflow condition, according to a Cisco Security Advisory issued this week.
The Firewall Authentication Proxy feature allows network administrators to apply specific security policies on a per-user basis. With Firewall Authentication Proxy for FTP and Telnet Sessions, users can log into network services via FTP and/or Telnet, and their specific access profiles are automatically retrieved and applied from a Remote Authentication Dial In User Service, or Terminal Access Controller Access Control System Plus authentication server.
But the software is vulnerable to a denial-of-service attack and potentially an arbitrary code execution attack when processing the user authentication credentials from an Authentication Proxy Telnet/FTP session. To exploit this vulnerability an attacker must first complete a TCP connection to the IOS device running affected software and receive an "auth-proxy" authentication prompt, the advisory states.
The affected software versions are IOS 12.2ZH and 12.2ZL, 12.3, 12.3T, 12.4 and 12.4T. Cisco said it is not aware of any malicious use of the vulnerability.
Cisco has made free software available to address this vulnerability and published workarounds in the advisory to mitigate the effects of the vulnerability.
Cisco issues a few security advisories a month. Observers commend Cisco for its usually proactive communication, yet the advisories indicate just how vulnerable routers and router software can be to attack.
In one recent episode, Cisco attempted to conceal notification of a vulnerability. At the Black Hat security conference in July, Cisco and Internet Security Systems threatened legal action against a security researcher who planned to deliver a presentation on some unpublished vulnerabilities found in Cisco routers and IOS software.
Cisco even went to such lengths as to tear the presentation materials out of conference handbooks. The researcher, Michael Lynn, delivered the presentation anyway and later reached a legal settlement with Cisco and ISS enjoining him from disseminating his findings.
Cisco subsequently issued a security advisory related to Lynn's presentation.