In association with heise online

13 October 2007, 16:20

Vulnerabilities in Cisco products


Cisco has reported the discovery of a vulnerability in the IOS line printer daemon (LPD). Attackers may be able to exploit the flaw to crash a system or to compromise it. The buffer overflow occurs in the handling of excessively long host names. For the attack to succeed, however, the attacker has to be able to manipulate the host name. The LPD is disabled by default. An IOS update has been released to remedy the problem.

Another problem occurs during the conversion of the CiscoWorks Wireless LAN Solution Engine (WLSE) into a Cisco Wireless Control System (WCS). The report says that the conversion tool creates administrator accounts with default credentials. Attackers could thereby get complete control of the system. Only WCS systems converted from a WLSE system using the Convert Utility up to and including version 4.1.91.0 are affected. Cisco recommends that administrators set secure passwords for all accounts.


(mba)

Permalink: http://h-online.com/-733776
 

