| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 4 Oct 2003 00:55:11 -0500 (CDT) From: Bob Niederman <btrq@...-n.com> To: bugtraq@...urityfocus.com Subject: Re: Cisco 6509 switch telnet vulnerability While this is clearly a bug, the example given does not show that it's serious. The example (and the statement "...as long as they are followed by a space and a ?") shows that you have gotten the syntax for the next parameter of the command, not that you have executed it. --- My mail server bit-buckets mail to this address which is not from securityfocus.com servers. To email me, send to bob AT bob-n DOT com On 3 Oct 2003, Chris Norton wrote: > > > A vulnerability has been found on Cisco 6509 switches. The > vulnerability was found to work on 2 different Cisco 6509 switches > running CATOS 5.4(2) and 5.5(2). The vulnerability can lead to > information and commands being exectued on the remote switch from the > login prompt. Commands can be exectued at the Enter password: prompt > as long as they are followed by a space and a ? Proof of concept > below: Cisco Systems Console > > Enter password: > <data_size> Size of the packet (0..1420) > <cr> > Enter password: traceroute 127.0.0.1 > > This vulnerability has yet to be confirmed by Cisco but they have been alerted about it. >
Powered by blists - more mailing lists