nanog mailing list archives
Re: Cisco IOS Exploit Cover Up
From: Brett Frankenberger <rbf () rbfnet com>
Date: Thu, 28 Jul 2005 09:37:36 -0500
On Thu, Jul 28, 2005 at 07:03:31AM -0700, Eric Rescorla wrote:
Can you or someone else who was there or has some details describe what the actual result is and what the fix was? Based on what I've been reading, it sounds like Lynn's result was a method for exploiting arbitrary new vulnerabilities. Are you saying that this method can't be used in future IOS revs?
As nearly as I can tell from reports (I wasn't there), he (1) talked about a general way to exploit a buffer overflow to cause arbitrary code execution (this would apply to buffer overflows generally, but would be completely useless if you didn't know of a buffer overflow to exploit), and (2) demonstrated his technique using a previosuly known buffer overflow vulnerability which Cisco has already patched. So Cisco is correct in saying that he didn't identifiy any new vulnerabilities, and Cisco is also correct in saying that the vulnerability he used in his presentation to demonstrate his technique has been patched. However, the same technique will be useful on the next buffer overflow vulnerability to be discovered. -- Brett
Current thread:
- RE: Cisco IOS Exploit Cover Up, (continued)
- RE: Cisco IOS Exploit Cover Up Hannigan, Martin (Jul 27)
- RE: Cisco IOS Exploit Cover Up Fergie (Paul Ferguson) (Jul 27)
- Re: Cisco IOS Exploit Cover Up Andre Ludwig (Jul 27)
- RE: Cisco IOS Exploit Cover Up Dan Hollis (Jul 27)
- RE: Cisco IOS Exploit Cover Up Neil J. McRae (Jul 28)
- Re: Cisco IOS Exploit Cover Up Florian Weimer (Jul 28)
- Re: Cisco IOS Exploit Cover Up Leo Bicknell (Jul 28)
- Re: Cisco IOS Exploit Cover Up Christopher L. Morrow (Jul 28)
- Re: Cisco IOS Exploit Cover Up James Baldwin (Jul 28)
- Re: Cisco IOS Exploit Cover Up Eric Rescorla (Jul 28)
- Re: Cisco IOS Exploit Cover Up Brett Frankenberger (Jul 28)
- Re: Cisco IOS Exploit Cover Up Florian Weimer (Jul 28)
- RE: Cisco IOS Exploit Cover Up Scott Morris (Jul 28)
- Re: Cisco IOS Exploit Cover Up Leo Bicknell (Jul 28)
- Re: Cisco IOS Exploit Cover Up Jason Frisvold (Jul 28)
- Re: Cisco IOS Exploit Cover Up James Baldwin (Jul 28)
- Re: Cisco IOS Exploit Cover Up Jared Mauch (Jul 28)
- Re: Cisco IOS Exploit Cover Up Stephen Sprunk (Jul 28)
- Re: Cisco IOS Exploit Cover Up Gordon Cook (Jul 27)