Educause Security Discussion mailing list archives
Re: Cisco IOS Vulnerability
From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Thu, 3 Nov 2005 08:18:02 -0600
That was my take on it, too. Seems like it shoulda been a press release, *unless* there's some nasty unannounced heap overflow in the QA pipeline. They coulda been clearer, for sure.

-jml
flynngn () JMU EDU 11/03/05 7:40 AM >>>
Arturo Servin wrote:
Yes. It's going to be a big one.
Unless I missed something, Cisco altered an architecture design so that it would be harder to exploit a heap overflow related defect should one be found (or a past one not patched). I don't see where they announced a new defect allowing an exploit to produce a heap overflow. It appears comparable to adding stack protection in Windows XP SP2, although that was for a different type of overflow. It's a strengthening measure more than a patching measure. Am I misinterpreting the bulletin?

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security