Re: furor over Cisco IOS router exploit erupts at Black Hat

["Parker, Ron" <Ron.Parker () BRAZOSPORT EDU>]

I've been following this discussion on the NANOG list
(http://www.merit.edu/mail.archives/nanog). They have been bouncing off
the walls on this since yesterday. Unfortunately, usable information
about this is pretty much nonexistent at this point. Cisco's official
announcement on this just says to upgrade to the "latest available
versions" and contact your account people:

http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.ht
ml

The problem, of course, is that many of us don't run out and load every
new IOS version that comes along unless we need a bug fix or a
new/different feature. So, it isn't really clear to me what "latest
available version" means. It also isn't clear if only the latest version
in a particular release train is the one that is not vulnerable or if
you are OK as long as you aren't using a "retired" version. If anyone
finds out anything useful, please pass it along. I suspect that Cisco is
just trying to control widespread release of the information by asking
us to contact them directly.


--
Ron Parker, Director of Information Technology, Brazosport College
http://www.brazosport.edu
 

> -----Original Message-----
> From: Scott Genung [mailto:sagenung () ILSTU EDU] 
> Sent: Thursday, July 28, 2005 3:26 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] furor over Cisco IOS router exploit 
> erupts at Black Hat
>
> All,
>
> I just read this article. Based upon Cisco's reaction, I'm 
> rather concerned about this material that has been shared 
> with the hacker community. I have asked my account manager if 
> Cisco will be releasing to it's customer base what 
> vulnerabilities we need to be aware of to defend our infrastructure. 
> It could be a very interesting fall semester.
>
> > Date: Thu, 28 Jul 2005 12:18:59 -0500
> > From: NW Cisco News Alert <CiscoAlert () nwfnews com>
> > Subject: Cisco News Alert Special Issue: Furor over Cisco IOS router 
> > exploit
> >  erupts at Black Hat
> >
> > _______________________________________________________________
> > Furor over Cisco IOS router exploit erupts at Black Hat By Ellen 
> > Messmer, Network World, 07/28/05
> >
> > Although Cisco and Internet Security Systems had abruptly 
> cancelled a 
> > planned technical talk and demo at the Black Hat Conference 
> to reveal 
> > how unpatched Cisco routers can be remotely compromised, the 
> researcher 
> > who had originally uncovered the problem went ahead with the talk 
> > anyway, igniting a spate of lawsuits against himself and the 
> Black Hat 
> > Conference.
> >
> > Michael Lynn, the research analyst at ISS who was asked to 
> resign after 
> > his presentation detailing how an attacker can exploit flaws in 
> > unpatched Cisco routers to gain total control over them, 
> said he felt 
> > compelled to reveal the information because "I felt I had to 
> do what's 
> > right for the country and the national infrastructure."
> >
> > Cisco and ISS, claiming it was premature to release the 
> research, saw 
> > it differently and immediately filed a lawsuit aimed at 
> compelling him 
> > not to discuss the subject further. The Black Hat Conference 
> was also 
> > served with a lawsuit by the two companies for allowing Lynn 
> to discuss 
> > the exploits associated with Cisco routers.
> >
> > Full story:
> > http://www.networkworld.com/news/2005/072805-cisco-black-hat.html?nl
>
>
> Scott Genung
> Manager of Networking Systems
> Telecommunications and Networking
> Illinois State University
> 124 Julian Hall
> Normal, IL 61790-3500
>
> sagenung () ilstu edu
> Phone: (309)438-7258
> Web: http://www.tel.ilstu.edu