Educause Security Discussion mailing list archives

Re: Cisco IOS Vulnerablity

From: Jeff Kell <jeff-kell () UTC EDU>
Date: Thu, 3 Nov 2005 09:54:53 -0500

John Ladwig wrote:

That was my take on it, too.  Seems like it shoulda been a press
release, *unless* there's some nasty unannounced heap overflow in the QA
pipeline.


My take is sort of an extension to the rootshell part of Lynn's controversial Blackhats presentation a few months back.  
This isn't a new vulnerability in and of itself, but a new and dangerous way to exploit IOS once you get there.

Jeff

Current thread:

Cisco IOS Vulnerablity Scott Genung (Nov 02)
- <Possible follow-ups>
- Re: Cisco IOS Vulnerablity Arturo Servin (Nov 03)
- Re: Cisco IOS Vulnerablity Gary Flynn (Nov 03)
- Re: Cisco IOS Vulnerablity Gary Golomb (Nov 03)
- Re: Cisco IOS Vulnerablity John Ladwig (Nov 03)
- Re: Cisco IOS Vulnerablity Jeff Kell (Nov 03)
- Re: Cisco IOS Vulnerablity Chris Harrington (Nov 03)