Educause Security Discussion mailing list archives
Re: Cisco IOS Vulnerablity
From: Chris Harrington <charrington () NITROSECURITY COM>
Date: Thu, 3 Nov 2005 10:12:34 -0500
Jeff Kell wrote:
My take is sort of an extension to the rootshell part of Lynn's controversial Blackhats presentation a few months back. This isn't a new vulnerability in and of itself, but a new and dangerous way to exploit IOS once you get there.
Jeff is right. This vulnerability does not provide an insertion point for injection of malcode. This vuln represents the next step of an attack that would allow execution of injected malcode. An additional vulnerability, like the IPv6 issue that Lynn used is required to inject the malcode. --Chris -- Christopher Harrington Chief Technology Officer nitrosecurity o: 603.766.8160 c: 603.969.0592 w: www.nitrosecurity.com Skype: chrisharrington
Current thread:
- Cisco IOS Vulnerablity Scott Genung (Nov 02)
- <Possible follow-ups>
- Re: Cisco IOS Vulnerablity Arturo Servin (Nov 03)
- Re: Cisco IOS Vulnerablity Gary Flynn (Nov 03)
- Re: Cisco IOS Vulnerablity Gary Golomb (Nov 03)
- Re: Cisco IOS Vulnerablity John Ladwig (Nov 03)
- Re: Cisco IOS Vulnerablity Jeff Kell (Nov 03)
- Re: Cisco IOS Vulnerablity Chris Harrington (Nov 03)