Message-ID: <Pine.LNX.4.64.0901201027360.14376@forced.attrition.org>
Date: Tue, 20 Jan 2009 10:33:26 +0000 (UTC)
From: security curmudgeon <jericho@...rition.org>
To: Andy Davis <iosftpexploit@...glemail.com>
Cc: bugtraq@...urityfocus.com, psirt@...co.com
Subject: Re: Remote Cisco IOS FTP exploit


(Note the date, late reply I know..)

On Tue, 29 Jul 2008, Andy Davis wrote:

: The IOS FTP server vulnerabilities were published in an advisory by 
: Cisco in May 2007. The FTP server does not run by default, it is not 
: widely used and has since been removed from new versions of IOS. 
: Therefore, I took the decision to release this exploit code in order to 
: show that IOS can be reliably exploited to provide remote level 15 exec 
: shell access. This clearly demonstrates that patching your router is 
: just as important as patching your servers.

:  Cisco IOS FTP server remote exploit by Andy Davis 2008
: 
:  Cisco Advisory ID: cisco-sa-20070509-iosftp - May 2007

From the Cisco advisory:

  The Cisco IOS FTP Server feature contains multiple vulnerabilities that 
  can result in a denial of service (DoS) condition, improper verification 
  of user credentials, and the ability to retrieve or write any file from 
  the device filesystem, including the device's saved configuration. This 
  configuration file may include passwords or other sensitive information.

None of those sound like "remote overflow" to me. If this exploit code 
included in this mail is accurate, that means the Cisco advisory used 
crafty wording to hide the nature of the bug. Given they scored CSCek55259 / 
CVE-2007-2586 as 10.0 (and the other issue 2.0), that means that "improper 
verification of user credentials" and "Improper authorization checking in 
IOS FTP server" is really "remote overflow that allows unauthenticated 
code execution".

Andy or Cisco, could you confirm?
