Full Disclosure mailing list archives
Re: IRM Discover More Vulnerabilities in Cisco IOS
From: reepex <reepex () gmail com>
Date: Tue, 23 Oct 2007 13:31:52 -0500
---- Bug 1: "The Line Printer Daemon, which provides print server functionality in Cisco IOS is vulnerable to a software flaw whereby the length of the hostname of the router is not checked before being copied into a fixed size memory buffer. ..... However, the attacker must be able to control the hostname of the router, which could be achieved via SNMP." Ok... so for this "remote" attack the victim would need a badly configured snmp listening public... ok pdp architect --- Bug 2: Cisco say its cross-site scripting Ok you are still stealing pdp architect's research --- Bug 3-7,10-15 "Local" attacks on a cisco - lulz Not even pdp would go this low --- Bug 8,9: no info - im sure its elite though Having a bug but releasing no info - sounds like drraid and pdp architec to me ----- so basically you found a bunch of local bugs in ciscos and a bug if you can control snmp - way to go - your "grep -r strcpy *" skills are quiet strong. Eeye and idefense would glady hire you. Do you wonder why you found 12 bugs and get no press but michael lynn finds a couple and cisco is throwing lawyers and lawsuits at him? --- its probably because his mattered and yours are a joke - just like you and your company. On 10/23/07, Andy Davis <andy.davis () irmplc com> wrote:
In the last three months IRM has discovered a total of 13 new security vulnerabilities in Cisco IOS. These vulnerabilities were reported to Cisco and have all been allocated PSIRT reference numbers while the root cause and potential impact of each is investigated. Cisco has taken all the vulnerability reports extremely seriously and has already started releasing patches and workarounds to mitigate them (e.g. http://www.cisco.com/warp/public/707/cisco-sr-20071010-lpd.shtml). As the remaining patches or workarounds are developed, IRM will release security advisories, which will include full technical details of each vulnerability and links to patch download information. More information about the new vulnerabilities discovered is available here: http://www.irmplc.com/index.php/111-Vendor-Alerts _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- IRM Discover More Vulnerabilities in Cisco IOS Andy Davis (Oct 23)
- Re: IRM Discover More Vulnerabilities in Cisco IOS crazy frog crazy frog (Oct 23)
- Re: IRM Discover More Vulnerabilities in Cisco IOS reepex (Oct 23)
- <Possible follow-ups>
- Re: IRM Discover More Vulnerabilities in Cisco IOS full-disclosure (Oct 23)