Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Cisco Ironport WSA Telnetd Remote Code Execution Vulnerability Vendor: Cisco Product web page: http://www.cisco.com Affected version: Cisco Ironport WSA - AsyncOS 8.0.5 for Web build 075 Date: 22/05/2014 Credits: Glafkos Charalambous CVE: CVE-2011-4862 CVSS Score: 7.6 Impact: Unauthenticated Remote Code Execution with elevated privileges Description: The Cisco Ironport WSA virtual appliances are vulnerable to an old FreeBSD telnetd encryption Key ID buffer overflow which allows remote attackers to execute arbitrary code (CVE-2011-4862). Cisco WSA Virtual appliances have the vulnerable telnetd daemon enabled by default. diff --git a/ChangeLog b/ChangeLog index dd381d1..f4e4457 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2011-12-25 Alfred M. Szmidt <[email protected]> + +* libtelnet/encrypt.c (encrypt_keyid): Make sure that LEN never is +greater than MAXKEYLEN. + 2011-12-22 Mats Erik Andersson <[email protected]> * libinetutils/setsig.c (setsig) [HAVE_SIGACTION]: Initialize diff --git a/libtelnet/encrypt.c b/libtelnet/encrypt.c index 06827d9..abfa6d4 100644 --- a/libtelnet/encrypt.c +++ b/libtelnet/encrypt.c @@ -796,6 +796,9 @@ encrypt_keyid (kp, keyid, len) int dir = kp->dir; register int ret = 0; + if (len > MAXKEYLEN) + len = MAXKEYLEN; + if (!(ep = (*kp->getcrypt) (*kp->modep))) { if (len == 0) Trying 192.168.0.160... Connected to 192.168.0.160. Escape character is '^]'. [+] Exploiting 192.168.0.160, telnetd rulez! [+] Target OS - FreeBSD 8.2 amd64 [*] Enjoy your shell uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) uname -a FreeBSD ironport.example.com 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Fri Mar 14 10:49:50 PDT 2014 [email protected]:/usr/build/iproot/freebsd/mods/src/sys/amd64/compile/MESSAGING_GATEWAY.amd64 amd64 Disclosure Timeline 19-05-2014: Vendor Notification 20-05-2014: Vendor Response/Feedback 27-08-2014: Vendor Fix/Patch 22-10-2014: Public Disclosure References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862 http://www.freebsd.org/security/advisories/FreeBSD-SA-11:08.telnetd.asc http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport
Copyright ©2024 Exploitalert.