Vulnerability Type / Importance: Remote Code Execution / High
Problem Discovered: 30 July 2007
Vendor Contacted: 30 July 2007
Advisory Published: 10 October 2007
Abstract:
$ telnet 172.30.3.101 515
Trying 172.30.3.101...
Connected to 172.30.3.101 (172.30.3.101).
Escape character is '^]'.
hostname_of_the_router
: /usr/lib/lpd: Malformed from address
$ snmpset -Os -c private -v 1 10.0.0.1 system.sysName.0 s
long_hostname
Vendor & Patch Information:
Cisco have released an update to resolve this issue; this can be downloaded from: http://www.cisco.com/warp/public/707/cisco-sr-20071010-lpd.shtml
Workaround:
Cisco have provided the following workaround to mitigate this vulnerability:
http://www.cisco.com/warp/public/707/cisco-sr-20071010-lpd.shtml
Tested/Affected Versions:
IRM identified this vulnerability in IOS version 12.3(22)
Credits:
Research & Advisory: Andy Davis
Disclaimer:
All information in this advisory is provided on an 'as is' basis in the hope that it will be useful. Information Risk Management Plc is not responsible for any risks or occurrences caused by the application of this information.