Home > Security News > Cisco fixes fresh flaws in IOS
Security News:
EMAIL THIS

Cisco fixes fresh flaws in IOS

By SearchSecurity.com Staff
10 May 2007 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Cisco Systems has fixed a pair of flaws in its Internetwork Operating System (IOS) that attackers could exploit to cause a denial of service or tamper with data in a device's file system.

The IOS improperly verifies user credentials within the FTP server, Cisco said in an advisory. Remote attackers could exploit this to "bypass the authentication process and retrieve or write any file from the device file system (including the configuration file)," the networking giant added. Also, an error in the FTP server surfaces when certain files are transferred. Remote attackers could use the error to cause a vulnerable device to reload, creating a denial-of-service condition.

The flaws affect Cisco IOS versions 11.3, 12.0, 12.1, 12.2, 12.3 and 12.4.

However, the IOS FTP server is an optional service disabled by default, Cisco noted. Devices that are not specifically configured to enable the IOS FTP server service are unaffected by the flaws.

Cisco has released a fix for the problems

Tags: Security Patch ManagementVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Security Patch Management
Adobe fixes critical Shockwave Flash Player flaw
Mozilla patches 11 Firefox security flaws, JavaScript errors
Microsoft patches WebDAV security vulnerability in bevy of updates
Adobe issues first quarterly patch release fixing 13 flaws
Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities
Adobe shifts to Microsoft patching process, incident response plan
Software delivery could fix software patching issues
Microsoft updates Office to address serious PowerPoint vulnerabilities
Microsoft to patch critical PowerPoint zero-day flaw
Firefox update addresses several security flaws

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
attack vector  (SearchSecurity.com)
back door  (SearchSecurity.com)
ethical worm  (SearchSecurity.com)
Patch Tuesday  (SearchSecurity.com)
zero-day exploit  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



More Tips to Secure Your Network
Focused on Channel Security?
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts