CVE-2007-2586 Information

Description

The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code and have other impact, including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.

Reference

http://seclists.org/bugtraq/2009/Jan/0183.html
http://secunia.com/advisories/25199
http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.shtml
http://www.exploit-db.com/exploits/6155
http://www.osvdb.org/35334
http://www.securityfocus.com/archive/1/494868
http://www.securityfocus.com/bid/23885
http://www.securitytracker.com/id?1018030
http://www.vupen.com/english/advisories/2007/1749
https://exchange.xforce.ibmcloud.com/vulnerabilities/34197
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A5036
