Credit:
The original article can be found at: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4862
The original article can be found at: http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
Vulnerable Systems:
* Cisco IronPort Email Security Appliance (C-Series and X-Series) versions prior to 7.6.0
* Cisco IronPort Security Management Appliance (M-Series) versions prior to 7.8.0
Immune Systems:
* Cisco IronPort Web Security Appliances (S-Series)
The Cisco IronPort ESA provides email management and protection combining antispam, antivirus, encryption, digital rights management, and archiving technologies. The Cisco IronPort SMA is a flexible management tool designed to centralize and consolidate policy and runtime data, providing a single management interface for multiple Cisco IronPort security appliances.
The Cisco IronPort ESA and the Cisco IronPort SMA run AsyncOS, a modified version of the FreeBSD kernel.
These devices are affected by the FreeBSD telnetd remote code execution vulnerability documented by Common Vulnerabilities and Exposures (CVE) identifier CVE-2011-4862. This vulnerability could allow a remote, unauthenticated attacker to run arbitrary code with elevated privileges.
Vendor Status:
Cisco has issued an update to correct this vulnerability.
Patch Availability:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport
CVE Information:
CVE-2011-4862
Disclosure Timeline:
2012-February-08 Updated advisory to fix minor HTML formatting issue.
2012-February-07 Updated advisory to include the availability of IronPort software updates.
2012-January-26 Updated advisory to include the availability of a Cisco Applied Mitigation Bulletin.
2012-January-26 Initial public release.