Educause Security Discussion mailing list archives
Re: Cisco IOS Vulnerablity
From: Gary Flynn <flynngn () JMU EDU>
Date: Thu, 3 Nov 2005 08:40:57 -0500
Arturo Servin wrote:
Yes. It's going to be a big one.
Unless I missed something, Cisco altered an architecture design so that it would be harder to exploit a heap overflow related defect should one be found (or a past one not patched). I don't see where they announced a new defect allowing an exploit to produce a heap overflow. It appears comparable to adding stack protection in Windows XP sp2 although that was for a different type of overflow. Its a strengthening measure more than a patching measure. Am I misinterpreting the bulletin? -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Current thread:
- Cisco IOS Vulnerablity Scott Genung (Nov 02)
- <Possible follow-ups>
- Re: Cisco IOS Vulnerablity Arturo Servin (Nov 03)
- Re: Cisco IOS Vulnerablity Gary Flynn (Nov 03)
- Re: Cisco IOS Vulnerablity Gary Golomb (Nov 03)
- Re: Cisco IOS Vulnerablity John Ladwig (Nov 03)
- Re: Cisco IOS Vulnerablity Jeff Kell (Nov 03)
- Re: Cisco IOS Vulnerablity Chris Harrington (Nov 03)