Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IRM Discover More Vulnerabilities in Cisco IOS

From: reepex <reepex () gmail com>
Date: Tue, 23 Oct 2007 13:31:52 -0500
----
Bug 1:
"The Line Printer Daemon, which provides print server functionality in
Cisco IOS is vulnerable to a software flaw whereby the length of the
hostname of the router is not checked before being copied into a fixed
size memory buffer. ..... However, the attacker must be able to
control the hostname of the router, which could be achieved via SNMP."

Ok... so for this "remote" attack the victim would need a badly
configured snmp listening public... ok pdp architect

---
Bug 2:
Cisco say its cross-site scripting

Ok you are still stealing pdp architect's research
---

Bug 3-7,10-15
"Local" attacks on a cisco - lulz

Not even pdp would go this low
---

Bug 8,9: no info - im sure its elite though

Having a bug but releasing no info - sounds like drraid and pdp architec to me

-----

so basically you found a bunch of local bugs in ciscos and a bug if
you can control snmp - way to go - your "grep -r strcpy *" skills are
quiet strong. Eeye and idefense would glady hire you.

Do you wonder why you found 12 bugs and get no press but michael lynn
finds a couple and cisco is throwing lawyers and lawsuits at him? ---
its probably because his mattered and yours are a joke - just like you
and your company.


On 10/23/07, Andy Davis <andy.davis () irmplc com> wrote:

In the last three months IRM has discovered a total of 13 new security
vulnerabilities in Cisco IOS. These vulnerabilities were reported to
Cisco and have all been allocated PSIRT reference numbers while the root
cause and potential impact of each is investigated. Cisco has taken all
the vulnerability reports extremely seriously and has already started
releasing patches and workarounds to mitigate them (e.g.
http://www.cisco.com/warp/public/707/cisco-sr-20071010-lpd.shtml). As
the remaining patches or workarounds are developed, IRM will release
security advisories, which will include full technical details of each
vulnerability and links to patch download information.

More information about the new vulnerabilities discovered is available
here:

http://www.irmplc.com/index.php/111-Vendor-Alerts


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: