Bugtraq mailing list archives
Phenoelit Advisory, 0815 ++ * - Cisco_tftp
From: kim0 <kim0 () phenoelit de>
Date: Sat, 27 Jul 2002 12:01:29 +0200
-- kim0 <kim0 () phenoelit de> Phenoelit (http://www.phenoelit.de) 90C0 969C EC71 01DC 36A0 FBEF 2D72 33C0 77FC CD42
Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 ++--> [ Authors ] FX <fx () phenoelit de> FtR <ftr () phenoelit de> kim0 <kim0 () phenoelit de> Phenoelit Group (http://www.phenoelit.de) Advisory http://www.phenoelit.de/stuff/Cisco_tftp.txt [ Affected Products ] Cisco IOS Tested on IOS 11.1 - 11.3 Cisco Bug ID: <not assigned> CERT Vulnerability ID: 689579 [ Vendor communication ] 06/29/02 Initial Notification, security-alert () cisco com & psirt () cisco com *Note-Initial notification by phenoelit includes a cc to cert () cert org by default 06/30/02 Human confirmation from PSIRT @ Cisco 06/30/02 (2) Discussion of detail 07/01/02 Continued discussion for reproducing problem 07/01/02 Receipt, ack. and clarification by CERT () CERT ORG 07/03/02 Continued discussions with PSIRT 07/19/02 Notification of intent to post publically in apx. 7 days. 07/25/02 Final coordination for release. [ Overview ] Cisco Systems Routers are the most widely used routers. Cisco Routers are embedded network devices that run a dedicated Operating System, the Cisco IOS. [ Description ] The Cisco IOS integrated TFTP server suffers from a buffer overflow condition. When requesting a file name with approximately 700 characters, the device crashes and may reboot. This only happens, if the served file is on a flash device and no alias is assigned to it. Vulnerable: router# conf t router# tftp-server flash:ios_11.3_a-b-c-d.bin Not vulnerable: router# conf t router# tftp-server flash:ios_11.3_a-b-c-d.bin alias TheStuff [ Example ] OpenBSD# tftp cisco53.navy.smil.mil tftp> get AAAAAAAAA....(700 times) [ Solution ] None available at this time [ end of file ]
Current thread:
- Phenoelit Advisory, 0815 ++ * - Cisco_tftp kim0 (Jul 27)
- Re: Phenoelit Advisory, 0815 ++ * - Cisco_tftp Mike Caudill (Jul 28)