Cisco has warned users of a flaw in its IOS software which might be used by hackers to bypass security restrictions and run hostile code on network devices. The vulnerability reportedly affects all Cisco products that run Cisco IOS software, including routers and a limited range of switches that don"t run CatOS.
The security flap stems from a heap-based buffer overflow security bug involving internal operating system timers. This might be exploited in conjunction with some other heap-based buffer overflow vulnerability to run hostile code on vulnerable systems.
In a statement, Cisco said it had not received any reports about active exploitation of the vulnerability. It explained that the security flaw was related to security bugs outlined in a presentation by security researcher Michael Lynn at Black Hat in July. This presentation became a cause celebre in the security research community after Cisco controversially obtained a restraining order to suppress publication of Lynn"s findings.