Educause Security Discussion mailing list archives

Re: Cisco IOS Vulnerablity

From: Gary Flynn <flynngn () JMU EDU>
Date: Thu, 3 Nov 2005 08:40:57 -0500

Arturo Servin wrote:

   Yes. It's going to be a big one.


Unless I missed something, Cisco altered an
architecture design so that it would be harder
to exploit a heap overflow related defect should
one be found (or a past one not patched).

I don't see where they announced a new defect
allowing an exploit to produce a heap overflow.

It appears comparable to adding stack protection
in Windows XP sp2 although that was for a
different type of overflow. Its a strengthening
measure more than a patching measure.

Am I misinterpreting the bulletin?


--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

Current thread:

Cisco IOS Vulnerablity Scott Genung (Nov 02)
- <Possible follow-ups>
- Re: Cisco IOS Vulnerablity Arturo Servin (Nov 03)
- Re: Cisco IOS Vulnerablity Gary Flynn (Nov 03)
- Re: Cisco IOS Vulnerablity Gary Golomb (Nov 03)
- Re: Cisco IOS Vulnerablity John Ladwig (Nov 03)
- Re: Cisco IOS Vulnerablity Jeff Kell (Nov 03)
- Re: Cisco IOS Vulnerablity Chris Harrington (Nov 03)