[virusinfo] Vulnerability in Cisco devices allows RADIUS authentication bypass - 6-30-05

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Thu, 30 Jun 2005 09:40:15 -0700

From: Panda Oxygen3:

"The wise man avoids evil by anticipating it." 
                  Publilius Syrus (~100 BC), Roman writer

     - Vulnerability in Cisco devices allows RADIUS authentication
bypass - 
       Oxygen3 24h-365d, by Panda Software
(http://www.pandasoftware.com)

Madrid, June 30, 2005 - Cisco has reported, at
http://www.cisco.com/warp/public/707/cisco-sa-20050629-aaa.shtml, a
vulnerability in Cisco IOS devices with RADIUS (Remote Authentication
Dial In User Service) authentication, which could allow a remote
attacker to bypass this identification mechanism.

According to the advisory published by the company, the problem occurs
in devices with certain versions of Cisco IOS and configured with a
fallback method to none. Systems that are configured for other
authentication methods or that are not configured with a fallback method
to none are not affected.

The affected versions of Cisco IOS are:

- 12.2T
- 12.3
- 12.3T
- 12.4

Cisco has released the updates necessary to avoid this problem, which
are available from the Software Center on Cisco's website:
http://www.cisco.com. Due to the diversity of vulnerable products and
versions, it is recommendable to refer to the Cisco advisory to check
the patch needed for each product version affected.

NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If
this happens, just use the 'cut' and 'paste' options to join the pieces
of the URL.

------------------------------------------------------------ 

The 5 viruses most frequently detected by Panda ActiveScan, Panda
Software's free online scanner:
1)Mhtredir.gen; 2)Netsky.P; 3)Sdbot.ftp; 4)Mitglieder.DQ; 5)Qhost.gen.

------------------------------------------------------------
To contact with Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 

Other related posts:

• » [virusinfo] Vulnerability in Cisco devices allows RADIUS authentication bypass - 6-30-05

1. Home
2. virusinfo
3. Archive
4. 06-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---