Full Disclosure mailing list archives
Re: IRM Discover More Vulnerabilities in Cisco IOS
From: <full-disclosure () mac hush com>
Date: Tue, 23 Oct 2007 14:40:21 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 shut up pdp On Tue, 23 Oct 2007 14:31:52 -0400 reepex <reepex () gmail com> wrote:
---- Bug 1: "The Line Printer Daemon, which provides print server functionality in Cisco IOS is vulnerable to a software flaw whereby the length of the hostname of the router is not checked before being copied into a fixed size memory buffer. ..... However, the attacker must be able to control the hostname of the router, which could be achieved via SNMP." Ok... so for this "remote" attack the victim would need a badly configured snmp listening public... ok pdp architect --- Bug 2: Cisco say its cross-site scripting Ok you are still stealing pdp architect's research --- Bug 3-7,10-15 "Local" attacks on a cisco - lulz Not even pdp would go this low --- Bug 8,9: no info - im sure its elite though Having a bug but releasing no info - sounds like drraid and pdp architec to me ----- so basically you found a bunch of local bugs in ciscos and a bug if you can control snmp - way to go - your "grep -r strcpy *" skills are quiet strong. Eeye and idefense would glady hire you. Do you wonder why you found 12 bugs and get no press but michael lynn finds a couple and cisco is throwing lawyers and lawsuits at him? - -- its probably because his mattered and yours are a joke - just like you and your company. On 10/23/07, Andy Davis <andy.davis () irmplc com> wrote:In the last three months IRM has discovered a total of 13 newsecurityvulnerabilities in Cisco IOS. These vulnerabilities werereported toCisco and have all been allocated PSIRT reference numbers whilethe rootcause and potential impact of each is investigated. Cisco hastaken allthe vulnerability reports extremely seriously and has alreadystartedreleasing patches and workarounds to mitigate them (e.g. http://www.cisco.com/warp/public/707/cisco-sr-20071010-lpd.shtml). Asthe remaining patches or workarounds are developed, IRM willreleasesecurity advisories, which will include full technical detailsof eachvulnerability and links to patch download information. More information about the new vulnerabilities discovered isavailablehere: http://www.irmplc.com/index.php/111-Vendor-Alerts _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wpwEAQECAAYFAkceQBUACgkQqTTbVuUWvbLNnwQAlOLcbkRkqv4Ainy6ZfISAsTR3wXl rxUvX+C5qRS4NW/lZ55e1wHe2GDt3gpfpstIKwTbnt/N6FqGDNFx6UO/KyjHY8sRc058 RSi9uGiWviRS35j9RBMj+44z1rMDnfATvcJ2YUsLdStjmMg2zuCkas205NA/PQEO0422 TR3IbsQ= =VYiE -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- IRM Discover More Vulnerabilities in Cisco IOS Andy Davis (Oct 23)
- Re: IRM Discover More Vulnerabilities in Cisco IOS crazy frog crazy frog (Oct 23)
- Re: IRM Discover More Vulnerabilities in Cisco IOS reepex (Oct 23)
- <Possible follow-ups>
- Re: IRM Discover More Vulnerabilities in Cisco IOS full-disclosure (Oct 23)