DoS Downplay?

[KF <dotslash () snosoft com>]

I think I have been censored or at least subject to temporary moderation 
 or possibly just a slow mail server or a sleepy moderator... I should 
not make assumptions either way but I definately have a comment to make 
and don't feel like waiting on it to hit bugtraq. See attached forward.

-KF
> --- Begin Message ---
>
>
> From: KF <dotslash () snosoft com>
>
> Date: Fri, 21 Feb 2003 20:24:31 -0500
>
> <div class="moz-text-flowed" style="font-family: -moz-fixed">I am currious to what part of executing shellcode intails a denial of 
> service... I think that is a bit of down play... remote code execution 
> is not a DOS...denial of service could however be a side effect of a bad 
> offset in an exploit.
>
> Alot of vendors make this sort of downplay on issues that could allow 
> remote code execution... they simply call it a DOS. For example the 
> Squid proxy "ftp DOS"... the exploit I saw caused a bit more than denial 
> of service.
>
> how does "basicaly own the router" become ... "is vulnerable to a denial 
> of service if..."
>
> ---- snipet -----
>
> The attached program is a PoC to exploit
>  * this vulnerability by executing "shell code" on the router and write 
> the
>  * attached configuration into NVRAM to basicaly own the router.
>
> -KF
>
>
> Mike Caudill wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> >
> > Cisco can confirm the statement made by FX from Phenoelit in his message 
> > "Cisco IOS OSPF exploit" posted on 2003-Feb-20. The OSPF implementation in 
> > certain Cisco IOS versions is vulnerable to a denial of service if it 
> > receives a flood of neighbor announcements in which more than 255 hosts 
> > try to establish a neighbor relationship per interface.
> >
> >
> > One workaround for this issue is to configure OSPF MD5 authentication.
> > This may be done per interface or per area.
> >
> > Another possible workaround is to apply inbound access lists to explicitly 
> > allow certain OSPF neighbors only:
> >                                                                                 
> > access-list 100 permit ospf host a.b.c.x host 224.0.0.5                         
> > access-list 100 permit ospf host a.b.c.x host interface_ip                      
> > access-list 100 permit ospf host a.b.c.y host 224.0.0.5                         
> > access-list 100 permit ospf host a.b.c.y host interface_ip                      
> > access-list 100 permit ospf host a.b.c.z host 224.0.0.5                         
> > access-list 100 permit ospf host a.b.c.z host interface_ip                      
> > access-list 100 permit ospf any host 224.0.0.6                                  
> > access-list 100 deny ospf any any                                               
> > access-list 100 permit ip any any                                               
> >
> >
> > Cisco IOS Versions 11.1 - 12.0 are subject to this vulnerability.
> > This bug has been resolved.  The following versions of Cisco IOS software
> > are the first fixed releases, meaning that any subsequent releases also 
> > contain the fix:
> >
> >         12.0(19)S
> >         12.0(19)ST
> >
> >         12.1(1)
> >         12.1(1)DB
> >         12.1(1)DC
> >         12.1(1)T
> >
> >
> > We would like to thank FX for his continued cooperation with us in the 
> > spirit of responsible disclosure and working to increase awareness of 
> > security issues.
> >
> > For information on working with the Cisco PSIRT regarding potential security
> > issues, please see our contact information at 
> >
> > http://www.cisco.com/warp/public/707/sec_incident_response.shtml#Problems
> >
> > Thank you,
> >
> > - -Mike-
> >
> >
> >
> > > Hi there,
> > >
> > > attached you may find the exploit for the Cisco IOS bug ID CSCdp58462. The bug
> > > is long fixed, so if you still run OSPF on a old version of IOS, now is a good
> > > time to give your routers some attention.
> > >
> > > FX 
> > >
> > > --
> > >         FX           <fx () phenoelit de>
> > >      Phenoelit   (http://www.phenoelit.de)
> > > 672D 64B2 DE42 FCF7 8A5E E43B C0C1 A242 6D63 B564
> > >
> > > /* Cisco IOS IO memory exploit prove of concept 
> > > * by FX of Phenoelit <fx () phenoelit de>
> > > * http://www.phenoelit.de
> > > *
> > > * For: 
> > > * 	19C3 Chaos Communication Congress 2002 / Berlin
> > > *       BlackHat Briefings Seattle 2003
> > > * 
> > > * Cisco IOS 11.2.x to 12.0.x OSPF neighbor overflow
> > > * Cisco Bug CSCdp58462 causes more than 255 OSPF neighbors to overflow a IO memory
> > > * structure (small buffer header). The attached program is a PoC to exploit 
> > > * this vulnerability by executing "shell code" on the router and write the 
> > > * attached configuration into NVRAM to basicaly own the router. 
> > > *
> >
> >
> > - -- 
> > - ----------------------------------------------------------------------------
> > |      ||        ||       | Mike Caudill              | mcaudill () cisco com |
> > |      ||        ||       | PSIRT Incident Manager    | 919.392.2855       |
> > |     ||||      ||||      | DSS PGP: 0xEBBD5271       | 919.522.4931 (cell)|
> > | ..:||||||:..:||||||:..  | RSA PGP: 0xF482F607       ---------------------|
> > | C i s c o S y s t e m s | http://www.cisco.com/go/psirt                  |
> > - ----------------------------------------------------------------------------
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 6.5.2
> >
> > iQA/AwUBPlaoLYpjyUnrvVJxEQLcZgCgxAkatIdM5EjV4uMcDgJqd/aFx9EAoPbm
> > Sw0/fZvhc3uuv0NnuBwfSWnw
> > =McnI
> > -----END PGP SIGNATURE-----
>
>
> </div>
>
> --- End Message ---