Security hole in Cisco Wireless Control System
Network appliance vendor Cisco has on Thursday issued a security advisory warning concerning a hole in its Wireless Control System software for managing wireless LANs. An error in the Apache Tomcat mod_jk.so
module can be exploited remotely. A software update is available to close the hole.
The processing of address strings longer than 4095 bytes by the Tomcat Java server mod_jk.so
module could overflow a buffer on the stack allowing injected code to be executed. No authentication is required. This error has been known since last March, and was eliminated by the developer at that time.
According to the Cisco security advisory, exploits of the vulnerability already exist. Administrators are urged to install the updated software version of WCS for Linux and Windows 4.0.100.0 or 4.2.62.0 provided by Cisco for registered users.
- Cisco Wireless Control System Tomcat mod_jk.so Vulnerability, security advisory from Cisco
- Buffer overflow in Tomcat Java web server, heise Security news
(mba)