Bugtraq mailing list archives

Re: Cisco 6509 switch telnet vulnerability


From: Bob Niederman <btrq () bob-n com>
Date: Sat, 4 Oct 2003 00:55:11 -0500 (CDT)




While this is clearly a bug, the example given does not show that it's
serious.  The example (and the statement "...as long as they are followed
by a space and a ?") shows that you have gotten the syntax for the next
parameter of the command, not that you have executed it.


---
My mail server bit-buckets mail to this address which is not from securityfocus.com servers.  To email me, send to
bob AT bob-n DOT com

On 3 Oct 2003, Chris Norton wrote:



A vulnerability has been found on Cisco 6509 switches. The
vulnerability was found to work on 2 different Cisco 6509 switches
running CATOS 5.4(2) and 5.5(2). The vulnerability can lead to
information and commands being executed on the remote switch from the
login prompt. Commands can be executed at the Enter password: prompt
as long as they are followed by a space and a ?

Proof of concept below:

Cisco Systems Console

Enter password:
<data_size>                Size of the packet (0..1420)
<cr>                       
Enter password: traceroute 127.0.0.1

This vulnerability has yet to be confirmed by Cisco but they have been alerted about it.


