Full Disclosure mailing list archives

Re: IRM Discover More Vulnerabilities in Cisco IOS


From: <full-disclosure () mac hush com>
Date: Tue, 23 Oct 2007 14:40:21 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

shut up pdp

On Tue, 23 Oct 2007 14:31:52 -0400 reepex <reepex () gmail com> wrote:
----
Bug 1:
"The Line Printer Daemon, which provides print server functionality in
Cisco IOS is vulnerable to a software flaw whereby the length of the
hostname of the router is not checked before being copied into a fixed
size memory buffer. ..... However, the attacker must be able to
control the hostname of the router, which could be achieved via SNMP."

Ok... so for this "remote" attack the victim would need a badly
configured snmp listening public... ok pdp architect

---
Bug 2:
Cisco say it's cross-site scripting

Ok you are still stealing pdp architect's research
---

Bug 3-7,10-15
"Local" attacks on a cisco - lulz

Not even pdp would go this low
---

Bug 8,9: no info - I'm sure it's elite though

Having a bug but releasing no info - sounds like drraid and pdp
architect to me

-----

so basically you found a bunch of local bugs in ciscos and a bug if
you can control snmp - way to go - your "grep -r strcpy *" skills are
quite strong. Eeye and idefense would gladly hire you.

Do you wonder why you found 12 bugs and get no press but michael lynn
finds a couple and cisco is throwing lawyers and lawsuits at him? - --
it's probably because his mattered and yours are a joke - just like you
and your company.


On 10/23/07, Andy Davis <andy.davis () irmplc com> wrote:
In the last three months IRM has discovered a total of 13 new security
vulnerabilities in Cisco IOS. These vulnerabilities were reported to
Cisco and have all been allocated PSIRT reference numbers while the root
cause and potential impact of each is investigated. Cisco has taken all
the vulnerability reports extremely seriously and has already started
releasing patches and workarounds to mitigate them (e.g.
http://www.cisco.com/warp/public/707/cisco-sr-20071010-lpd.shtml). As
the remaining patches or workarounds are developed, IRM will release
security advisories, which will include full technical details of each
vulnerability and links to patch download information.

More information about the new vulnerabilities discovered is available
here:

http://www.irmplc.com/index.php/111-Vendor-Alerts


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 2.5

-----END PGP SIGNATURE-----

