lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.10.10310032350050.1296-100000@bob-n.com>
Date: Sat, 4 Oct 2003 00:55:11 -0500 (CDT)
From: Bob Niederman <btrq@...-n.com>
To: bugtraq@...urityfocus.com
Subject: Re: Cisco 6509 switch telnet vulnerability





While this is clearly a bug, the example given does not show that it's
serious.  The example (and the statement "...as long as they are followed
by a space and a ?") shows that you have gotten the syntax for the next
parameter of the command, not that you have executed it.


---
My mail server bit-buckets mail to this address which is not from securityfocus.com servers.  To email me, send to
bob AT bob-n DOT com

On 3 Oct 2003, Chris Norton wrote:

> 
> 
> A vulnerability has been found on Cisco 6509 switches. The
> vulnerability was found to work on 2 different Cisco 6509 switches
> running CATOS 5.4(2) and 5.5(2). The vulnerability can lead to
> information and commands being exectued on the remote switch from the
> login prompt. Commands can be exectued at the Enter password: prompt
> as long as they are followed by a space and a ? Proof of concept
> below: Cisco Systems Console
> 
> Enter password:
> <data_size>                Size of the packet (0..1420)
> <cr>                       
> Enter password: traceroute 127.0.0.1
> 
> This vulnerability has yet to be confirmed by Cisco but they have been alerted about it.
> 



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ