[ISN] Cisco issues hacker patch
InfoSec News
isn at c4i.org
Mon Aug 22 04:14:49 EDT 2005
http://www.vnunet.com/vnunet/news/2141302/cisco-issues-hacker-patch
Iain Thomson
vnunet.com
18 Aug 2005
Cisco has released a patch for its Cisco Clean Access (CCA) software,
which is designed to seek out unsafe hardware on a network.
The patch, rated less critical by Secunia, covers a flaw in the
Application Program Interface (API) and would allow a hacker to use
specially crafted code to gain control of the system. The compromised
code could then be used to allow infected machines onto the network or
to ban clean computers from access.
"Cisco is not aware of any public announcements or malicious use of
the vulnerability," said the company in a statement.
"[We] would like to thank Troy Holder from the North Carolina State
University for bringing this to our attention."
Registered Cisco users can download the patch from here [1] and for
those without a support contract, a workaround [2] has been posted on
the company's website.
[1] http://www.cisco.com/pcgi-bin/tablebuild.pl/cca-patche
[2] http://www.cisco.com/warp/public/707/cisco-sa-20050817-cca.shtml
More information about the ISN
mailing list