In association with heise online

31 January 2008, 12:05

Security hole in Cisco Wireless Control System

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Network appliance vendor Cisco has on Thursday issued a security advisory warning concerning a hole in its Wireless Control System software for managing wireless LANs. An error in the Apache Tomcat module can be exploited remotely. A software update is available to close the hole.

The processing of address strings longer than 4095 bytes by the Tomcat Java server module could overflow a buffer on the stack allowing injected code to be executed. No authentication is required. This error has been known since last March, and was eliminated by the developer at that time.

According to the Cisco security advisory, exploits of the vulnerability already exist. Administrators are urged to install the updated software version of WCS for Linux and Windows or provided by Cisco for registered users.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit