Cisco IOS TFTP Server Long File Name Buffer Overflow Vulnerability

A problem has been discovered in Cisco IOS and MGX switches that could result in a denial of service, and potential code execution.

It has been discovered that the TFTP server file name handling of Cisco IOS is vulnerable to a buffer overflow. This overflow results due insufficient bounds checking on requested file names. A request for a file name of 700 or more bytes will result a crash of the router, and reboot of the device.

On Cisco MGX switches, the TFTP service will fail but the device will continue to function.

Cisco IOS versions 12.0 and later are not prone to this issue. Cisco has assigned Cisco Bug ID CSCdy03429 to this vulnerability.

Cisco has announced that some MGX switches are also affected by this issue. Cisco has assigned Cisco Bug ID CSCdy03429 to this vulnerability.


 

Privacy Statement
Copyright 2010, SecurityFocus