Cisco recently warned of a security flaw in its IronPort Email Security Appliances and IronPort Security Management Appliances.
"The vulnerability could be exploited by an attacker to remotely execute code on a system by sending a specially crafted command to the telnet daemon (telnetd)," The H Security reports.
"A buffer overflow in the encrypt_keyid() function causes the server to execute the injected code with system privileges," the article states. "Cisco has yet to provide its customers with a patch. Users who wish to prevent their systems from being compromised need to deactivate the Telnet server – instructions for doing so can be found in the advisory."
Go to "Cisco Security Appliances at risk from Telnet bug" to read the details.https://o1.qnsr.com/log/p.gif?;n=203;c=204660770;s=9477;x=7936;f=201812281321530;u=j;z=TIMESTAMP;a=20396194;e=i
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.