Details of VAR-200509-0218

ID

VAR-200509-0218

CVE

CVE-2005-2841

TITLE

Cisco IOS Firewall Authentication Proxy Buffer Overflow Vulnerability

Trust: 1.1

sources: BID: 14770 // JVNDB: JVNDB-2005-000516

DESCRIPTION

Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted user authentication credentials. IOS is prone to a denial-of-service vulnerability. Successful exploitation of this issue could cause a denial of service or potential execution of arbitrary code. This issue affects the FTP and Telnet protocols, but not HTTP. Cisco's Internet Operating System (IOS) is a complex operating system optimized for Internetworking -- similar to a Local Area Operating System (NOS), such as Novell's NetWare, optimized for LANs. The vulnerability is caused due to a boundary error when the Authentication Proxy FTP/Telnet is processing user authentication credentials. This can be exploited to cause a buffer overflow. The vulnerability is reported in the following versions: * 12.2ZH and 12.2ZL based trains * 12.3 based trains * 12.3T based trains * 12.4 based trains * 12.4T based trains SOLUTION: Fixes are available (see patch matrix in vendor advisory). http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml#software PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml OTHER REFERENCES: US-CERT VU#236045: http://www.kb.cert.org/vuls/id/236045 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.06

sources: NVD: CVE-2005-2841 // CERT/CC: VU#236045 // JVNDB: JVNDB-2005-000516 // BID: 89349 // BID: 14770 // VULHUB: VHN-14050 // PACKETSTORM: 39925

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	12.4	Trust: 3.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.3	Trust: 3.0
vendor:	cisco	model:	ios 12.3	scope:	ne	version:	-	Trust: 2.1
vendor:	cisco	model:	ios	scope:	eq	version:	12.4t	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.2zl	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.3t	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.2zh	Trust: 1.6
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 0.8
vendor:	cisco	model:	ios 12.4t	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.3t	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2zl	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2zh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4mr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yw	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yu	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yt	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3ys	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yq	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yi	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3ya	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xy	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xw	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xu	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xs	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xq	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xm	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xl	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xi	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xe	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3jk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3ja	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3bw	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3bc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3b	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2zf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sec	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 t	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 mr	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	ne	version:	12.4(1)	Trust: 0.3
vendor:	cisco	model:	ios 12.3 bc7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 yi1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 yg2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 t9	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 xr4	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 xi4	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 t10	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 ja	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 xk4	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 xg5	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 xe4	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 xc3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 xa5	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 jk	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	ne	version:	12.3(15)	Trust: 0.3
vendor:	cisco	model:	ios 12.3 yu	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 yt	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 yq	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 t2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 yw	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 ys	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 yk1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 yf2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 xl3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 t6	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 zh8	scope:	ne	version:	-	Trust: 0.3

sources: CERT/CC: VU#236045 // BID: 89349 // BID: 14770 // JVNDB: JVNDB-2005-000516 // NVD: CVE-2005-2841 // CNNVD: CNNVD-200509-072

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2005-2841
value:	HIGH
Trust: 1.8
CARNEGIE MELLON:	VU#236045
value:	21.87
Trust: 0.8
CNNVD:	CNNVD-200509-072
value:	HIGH
Trust: 0.6
VULHUB:	VHN-14050
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	TRUE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2005-2841
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-14050
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#236045 // VULHUB: VHN-14050 // JVNDB: JVNDB-2005-000516 // NVD: CVE-2005-2841 // CNNVD: CNNVD-200509-072

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2841

THREAT TYPE

network

Trust: 0.6

sources: BID: 89349 // BID: 14770

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200509-072

CONFIGURATIONS

sources: NVD: CVE-2005-2841

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-14050

PATCH

title:	cisco-sa-20050907-auth_proxy	url:	http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml	Trust: 0.8
title:	cisco-sa-20050907-auth_proxy	url:	http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/cisco-sa-20050907-auth_proxy-j.shtml	Trust: 0.8

sources: JVNDB: JVNDB-2005-000516

EXTERNAL IDS

db:	CERT/CC	id:	VU#236045	Trust: 3.7
db:	NVD	id:	CVE-2005-2841	Trust: 2.8
db:	BID	id:	14770	Trust: 1.9
db:	VUPEN	id:	ADV-2005-1669	Trust: 1.7
db:	SECUNIA	id:	16719	Trust: 1.0
db:	XF	id:	22174	Trust: 0.8
db:	JVNDB	id:	JVNDB-2005-000516	Trust: 0.8
db:	CNNVD	id:	CNNVD-200509-072	Trust: 0.7
db:	CISCO	id:	20050907 CISCO IOS FIREWALL AUTHENTICATION PROXY FOR FTP AND TELNET SESSIONS BUFFER OVERFLOW	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:5317	Trust: 0.6
db:	BID	id:	89349	Trust: 0.4
db:	SEEBUG	id:	SSVID-79878	Trust: 0.1
db:	EXPLOIT-DB	id:	26233	Trust: 0.1
db:	VULHUB	id:	VHN-14050	Trust: 0.1
db:	PACKETSTORM	id:	39925	Trust: 0.1

sources: CERT/CC: VU#236045 // VULHUB: VHN-14050 // BID: 89349 // BID: 14770 // JVNDB: JVNDB-2005-000516 // PACKETSTORM: 39925 // NVD: CVE-2005-2841 // CNNVD: CNNVD-200509-072

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml	Trust: 3.2
url:	http://www.kb.cert.org/vuls/id/236045	Trust: 2.9
url:	http://www.securityfocus.com/bid/14770	Trust: 1.6
url:	http://www.frsirt.com/english/advisories/2005/1669	Trust: 1.4
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5317	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2005/1669	Trust: 1.1
url:	http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/iosfw2/iosfw2_1.htm	Trust: 0.8
url:	http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123_1/ftp_tel.htm	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/22174	Trust: 0.8
url:	http://secunia.com/advisories/16719	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2841	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu%23236045/	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-2841	Trust: 0.8
url:	http://www.securiteam.com/securitynews/5hp012agui.html	Trust: 0.8
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5317	Trust: 0.6
url:	http://lists.darklab.org/pipermail/darklab/2005-october/000068.html	Trust: 0.3
url:	http://www.cisco.com/public/sw-center/sw-ios.shtml	Trust: 0.3
url:	http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml#software	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/50/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/secunia_vacancies/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/16719/	Trust: 0.1
url:	http://secunia.com/product/182/	Trust: 0.1

CREDITS

Unknown

Trust: 0.3

sources: BID: 89349

SOURCES

db:	CERT/CC	id:	VU#236045
db:	VULHUB	id:	VHN-14050
db:	BID	id:	89349
db:	BID	id:	14770
db:	JVNDB	id:	JVNDB-2005-000516
db:	PACKETSTORM	id:	39925
db:	NVD	id:	CVE-2005-2841
db:	CNNVD	id:	CNNVD-200509-072

LAST UPDATE DATE

2023-12-18T12:13:29.600000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#236045	date:	2005-09-09T00:00:00
db:	VULHUB	id:	VHN-14050	date:	2017-10-11T00:00:00
db:	BID	id:	89349	date:	2005-09-08T00:00:00
db:	BID	id:	14770	date:	2005-09-07T00:00:00
db:	JVNDB	id:	JVNDB-2005-000516	date:	2007-04-01T00:00:00
db:	NVD	id:	CVE-2005-2841	date:	2017-10-11T01:30:20.497
db:	CNNVD	id:	CNNVD-200509-072	date:	2009-03-04T00:00:00

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#236045	date:	2005-09-07T00:00:00
db:	VULHUB	id:	VHN-14050	date:	2005-09-08T00:00:00
db:	BID	id:	89349	date:	2005-09-08T00:00:00
db:	BID	id:	14770	date:	2005-09-07T00:00:00
db:	JVNDB	id:	JVNDB-2005-000516	date:	2007-04-01T00:00:00
db:	PACKETSTORM	id:	39925	date:	2005-09-09T03:43:59
db:	NVD	id:	CVE-2005-2841	date:	2005-09-08T10:03:00
db:	CNNVD	id:	CNNVD-200509-072	date:	2005-09-08T00:00:00