• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Cisco IOS/700 Router Password Buffer Overflow

It is reported that Cisco 7xx series routers with software versions 4.1(1), 4.1(2), or 4.1 interim releases earlier than 4.1(2.1) contain a buffer overflow.

When either connection via telnet, or via the system console, an attacker sending a very large password string may be able to crash the router. This is due to improper bounds checking on a fixed size buffer.

It is possible to exploit this vulnerability to crash affected routers, or cause reboots to occure. This will deny service to legitimate users.

It may also be possible to execute code in the context of the router software.