Cisco Releases Security Advisory to Address Multiple Vulnerabilities(US-CERT Current Activity:)
CiscoがCisco Secure Access Control Serverにユーザがパスワードを変えられるアプリケーションがあるのですが、その脆弱性対応としてセキュリティアドバイザリを出しています。
リモートから任意のコードが実行可能とのこと。
Cisco has released Security Advisory cisco-sa-20080312-ucp to address multiple vulnerabilities in the Cisco Secure Access Control Server for Windows User-Changeable Password (UCP) application. These vulnerabilities are due to buffer overflow conditions and improper sanitization of input passed to CSuserCGI.exe. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code.
US-CERT encourages users to review Cisco Security Advisory cisco-sa-20080312-ucp and apply any necessary updates.