[ISN] Cisco issues hacker patch

InfoSec News isn at c4i.org
Mon Aug 22 04:14:49 EDT 2005


Iain Thomson
18 Aug 2005 

Cisco has released a patch for its Cisco Clean Access (CCA) software,
which is designed to seek out unsafe hardware on a network.

The patch, rated less critical by Secunia, covers a flaw in the
Application Program Interface (API) and would allow a hacker to use
specially crafted code to gain control of the system. The compromised
code could then be used to allow infected machines onto the network or
to ban clean computers from access.

"Cisco is not aware of any public announcements or malicious use of
the vulnerability," said the company in a statement.

"[We] would like to thank Troy Holder from the North Carolina State
University for bringing this to our attention."

Registered Cisco users can download the patch from here [1] and for
those without a support contract, a workaround [2] has been posted on
the company's website.

[1] http://www.cisco.com/pcgi-bin/tablebuild.pl/cca-patche
[2] http://www.cisco.com/warp/public/707/cisco-sa-20050817-cca.shtml

More information about the ISN mailing list