RE: "Cisco gate" - Payload Versus Vector

[Dan Hollis <goemon () anime net>]

On Tue, 2 Aug 2005, Randy Bush wrote:
> even without stiffling the heap check via crashing_already (i.e. a
> 'fix' is developed for that weakness), is the 30-60 second window
> sufficient to do serious operational damage.  i.e. what could an
> attacker do with a code injection with a mean life as short as
> 15-30 seconds?

change the passwords and write to nvram, and come back later?

-Dan