Info

Disclosure

Jan 25, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

IOS contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a user ends a tclsh login session without using tclquit, and a subsequent local user re-uses the process. This flaw may lead to a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Other
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to the latest version available for your equipment, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Cisco Systems, Inc.	IOS	12.2
		12.3
		12.4

References

Security Tracker: 1015543
Bugtraq ID: 16383
Secunia Advisory ID: 18613
CVE ID: 2006-0486 (see also: NVD)
Related OSVDB ID: 34892
VUPEN Advisory: ADV-2006-0337
Keyword: CSCef77770
Vendor Specific Advisory URL: http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/22723

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Cisco Systems, Inc.

IOS

References

Credit