lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20031005022539.91486.qmail@web10105.mail.yahoo.com>
Date: Sat, 4 Oct 2003 19:25:39 -0700 (PDT)
From: twig les <twigles@...oo.com>
To: bugtraq@...urityfocus.com
Subject: Re: Cisco 6509 switch telnet vulnerability


I could not replicate this on a 6509 using remote authentication
and secureID, and those are the only ones we have around.  Has
anyone been able to replicate this?

--- Bob Niederman <btrq@...-n.com> wrote:
> 
> 
> 
> While this is clearly a bug, the example given does not show
> that it's
> serious.  The example (and the statement "...as long as they
> are followed
> by a space and a ?") shows that you have gotten the syntax for
> the next
> parameter of the command, not that you have executed it.
> 
> 
> ---
> My mail server bit-buckets mail to this address which is not
> from securityfocus.com servers.  To email me, send to
> bob AT bob-n DOT com
> 
> On 3 Oct 2003, Chris Norton wrote:
> 
> > 
> > 
> > A vulnerability has been found on Cisco 6509 switches. The
> > vulnerability was found to work on 2 different Cisco 6509
> switches
> > running CATOS 5.4(2) and 5.5(2). The vulnerability can lead
> to
> > information and commands being exectued on the remote switch
> from the
> > login prompt. Commands can be exectued at the Enter
> password: prompt
> > as long as they are followed by a space and a ? Proof of
> concept
> > below: Cisco Systems Console
> > 
> > Enter password:
> > <data_size>                Size of the packet (0..1420)
> > <cr>                       
> > Enter password: traceroute 127.0.0.1
> > 
> > This vulnerability has yet to be confirmed by Cisco but they
> have been alerted about it.
> > 
> 


__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ