In association with heise online

21 January 2010, 15:48

Cisco reports vulnerabilities in products

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Cisco Logo Cisco has discovered a buffer overflow in version 2.6 of CiscoWorks Internetwork Performance Monitor (IPM) and previous versions for Windows; the flaw allows attackers to compromise vulnerable systems remotely. The vendor says that attackers only need a specially crafted "CORBA GIOP" request. IPM 2.x for Solaris and IPM 4.x for Windows and Solaris are not affected. Cisco will not be providing an update, but instead recommends that users upgrade to the current version.

Cisco is also reporting the discovery of a denial-of-service (DoS) vulnerability in Cisco IOS XR that allows flawed packets to cause individual SSH processes to crash. According to the description, entire systems could also be detrimentally affected because each successful attack occupies a little more memory. An update (see Software Versions and Fixes in the second advisory) remedies the flaw.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-910233
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit