Cisco warns of a flaw in Telnet server used by IronPort Email Security Appliances and IronPort Management Appliances. An attacker may exploit the vulnerability to remotely execute code by sending crafted commands to telnet daemon (telnetd). A buffer overflow vulnerability in encrypt_keyid() function causes server to execute such code with system privileges. No patch is available. Cisco advises users should turn the Telnet server off.

Source: Heise Online
30.01.2012