Date: Tue, 23 Oct 2007 13:31:52 -0500
From: reepex <reepex@...il.com>
To: "Andy Davis" <andy.davis@...plc.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: IRM Discover More Vulnerabilities in Cisco IOS

----
Bug 1:
"The Line Printer Daemon, which provides print server functionality in
Cisco IOS is vulnerable to a software flaw whereby the length of the
hostname of the router is not checked before being copied into a fixed
size memory buffer. ..... However, the attacker must be able to
control the hostname of the router, which could be achieved via SNMP."

Ok... so for this "remote" attack the victim would need a badly
configured snmp listening public... ok pdp architect

---
Bug 2:
Cisco say it's cross-site scripting

Ok you are still stealing pdp architect's research
---

Bug 3-7,10-15
"Local" attacks on a cisco - lulz

Not even pdp would go this low
---

Bug 8,9: no info - I'm sure it's elite though

Having a bug but releasing no info - sounds like drraid and pdp architect to me

-----

so basically you found a bunch of local bugs in ciscos and a bug if
you can control snmp - way to go - your "grep -r strcpy *" skills are
quite strong. Eeye and idefense would gladly hire you.

Do you wonder why you found 12 bugs and get no press but michael lynn
finds a couple and cisco is throwing lawyers and lawsuits at him? ---
it's probably because his mattered and yours are a joke - just like you
and your company.


On 10/23/07, Andy Davis <andy.davis@...plc.com> wrote:
> In the last three months IRM has discovered a total of 13 new security
> vulnerabilities in Cisco IOS. These vulnerabilities were reported to
> Cisco and have all been allocated PSIRT reference numbers while the root
> cause and potential impact of each is investigated. Cisco has taken all
> the vulnerability reports extremely seriously and has already started
> releasing patches and workarounds to mitigate them (e.g.
> http://www.cisco.com/warp/public/707/cisco-sr-20071010-lpd.shtml). As
> the remaining patches or workarounds are developed, IRM will release
> security advisories, which will include full technical details of each
> vulnerability and links to patch download information.
>
> More information about the new vulnerabilities discovered is available
> here:
>
> http://www.irmplc.com/index.php/111-Vendor-Alerts
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
