Re: Mike Lynn released information about a hacking Cisco IOS

[routerg <routerg () gmail com>]

Also expense.  There are tones of 2500's running 10.* and 11.* that
would require either upgrading memory and flash or even the whole
platform.  The mass amount of organizations not that concerned with
network security probably don't want to spend the money to upgrade.

But unfortunately yeah, upgrade for now.


On 8/3/05, McKinley, Jackson <Jackson.McKinley () team telstra com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>  Other problem people face and im sure others do as well with patching
> equipment is "Certs" some devices are cleared for work on set OS lvls.
> For instance the new PIX OS code isnt EAL4 cert..
>
> So patching isnt always an option.
>
> Layered defence is the best option I say.  That way one weakness can be
> removed by a second system.
>
> - -----Original Message-----
> From: Kelly Martin [mailto:kel () securityfocus com]
> Sent: Thursday, 4 August 2005 10:42 AM
> To: ddjjembe 2
> Cc: security-basics () securityfocus com
> Subject: Re: Mike Lynn released information about a hacking Cisco IOS
>
> ddjjembe 2 wrote:
> > Last week Mike Lynn released information about a hacking Cisco IOS.
> > Is there a patch to protect from this vulnerability?
>
> Just keep your routers patched and you'll be safe. He used a very new
> technique with an old vulnerability that has already been patched. The
> biggest issue is that people aren't used to patching their Cisco routers
> because no one has even been able to prove that shellcode can run on IOS
> before.
>
> Cheers,
>
> Kelly Martin
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (MingW32)
> Comment: For info see http://www.gnupg.org
>
> iEYEARECAAYFAkLxaQcACgkQ4Tg6VO8hWutUiwCgjIglhlKa7UvtiXPas8SF//PX
> JvMAniMJySWoOevg/CXV3p6kkbr5iqEU
> =lS/x
> -----END PGP SIGNATURE-----