Message-ID: <002e01c35147$19fbb500$230b240a@corp.paetec.com>
From: bill.noren at paetec.com (bill.noren@...tec.com)
Subject: Cisco Bug 44020 - Final Thoughts

I thought I'd share the final results of my testing of the recent Cisco
exploit with the list here.  I had the concern that the new IOS versions
released by Cisco would be immune to the original exploit but may not cover
variants or other protocols that are susceptible.  I recompiled the exploit
code in such a way as to run through all protocol numbers from 1 to 1024 and
ran that against my test router, a 2611 running IOS 12.1(16).  I realize
that the field that contains the protocol number is 8 bits in length so
anything above 255 is academic but the results were interesting.  I
witnessed failures on the following port numbers: 53, 55, 77, 103, 309 and
823.  I did NOT get a failure on protocol 46 as someone else here suggested
(do you have details on that?).  Note that if you only count the rightmost
8 bits of 309 and 823, they are the same as 53 and 55 respectively so
there's probably a couple more numbers that also cause the failure.

I then upgraded my router to IOS 12.1(20)GD and ran my tests again looking
for any sign of the vulnerability.  The patch appears to work well and I
didn't find anything of note afterward except that the router seemed to
handle the input queue more efficiently.

Cheers,
-Bill

