| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <47C31998.2090205@ehawaii.gov> Date: Mon, 25 Feb 2008 09:40:08 -1000 From: Aaron Collins <collinsa@...waii.gov> To: tbbunn@....net Cc: bugtraq@...urityfocus.com Subject: Re: PIX Privilege Escalation Vulnerability I tried this on my 515E with 'Cisco PIX Security Appliance Software Version 7.1(1)' I also uses radius for auth, and I couldn't reproduce this exploit. This may just be a 7.1 issue. tbbunn@....net wrote: > I actually was able to reproduce this attack multiple times, and did verify that there was an enable secret password configured(as well as multiple User/Passwords on the TTY line, not that they should matter) . I will not be in my lab until Tuesday of next week, but I will reproduce this again and copy the exact configuration. I can not really argue any points until then. I really appreciate you'll looking into the matter. Again this was reproduced on a PIX 515E running v7.2 of Finesse. > > Terry Bunn,CCNA > tbbunn@....net > > -- -Aaron Collins Systems Engineer/ Release Engineer Hawaii Information Consortium 220 S. King St. Suite 2190 Honolulu, Hawaii 96813 Cell: 808.203.8756 Office: 808.587.4213 ************************************************************ CONFIDENTIALITY NOTICE: This email and any attachments are confidential. If you are not the intended recipient, you do not have permission to disclose, copy, distribute, or open any attachments. If you have received this email in error, please notify us immediately by returning it to the sender and delete this copy from your system. ************************************************************
Powered by blists - more mailing lists