Network admins need to pay attention to this alert.The Cisco Internetwork Operating System (IOS) may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected customers.
This advisory is posted at http://www.cisco.com/warp/public/707...2-timers.shtml.
Cisco is not aware of any active exploitation of this vulnerability. This advisory documents changes to Cisco IOS® as a result of continued research related to the demonstration of the exploit for another vulnerability which occurred in July 2005 at the Black Hat USA Conference. Cisco addressed the IPv6 attack vector used in that demonstration in a separate advisory published on July 29, 2005.