lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: flairloops at hotmail.com (flair loops) Subject: Subject: FW:*ALERT* NEW BID 10025 (URGENCY 9.3): Cisco CatOS Password -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Alert Cisco IOS Password Prompt Unauthorized Remote Command Execution Vulnerability Bugtraq ID 10025 CVE CVE-MAP-NOMATCH Published Apr 01 2004 6:22:69 PM GMT Remote Yes Local No Credibility Vendor Confirmed Classification Access Validation Error Ease No Exploit Required Availability Always Authentication Not Required Impact 9.2 Severity 8.9 Urgency Rating 9.3 Last Change Cisco has responded to this issue; see Technical Information and References for details. Vulnerable Systems - ------------------ Cisco IOS 11.0 Cisco IOS 11.1 CC Cisco IOS 11.1 CA Cisco IOS 11.1 AA Cisco IOS 11.1 Cisco IOS 11.2 SA Cisco IOS 11.2 P Cisco IOS 11.2 Cisco IOS 11.3 T Cisco IOS 11.3 Cisco IOS 12.0 XW Cisco IOS 12.0 XV Cisco IOS 12.0 XU Cisco IOS 12.0 XS Cisco IOS 12.0 XR Cisco IOS 12.0 XQ Cisco IOS 12.0 XP Cisco IOS 12.0 XN Cisco IOS 12.0 XM Cisco IOS 12.0 XL Cisco IOS 12.0 XK Cisco IOS 12.0 XJ Cisco IOS 12.0 XI Cisco IOS 12.0 XH Cisco IOS 12.0 XG Cisco IOS 12.0 XF Cisco IOS 12.0 XE Cisco IOS 12.0 XD Cisco IOS 12.0 XC Cisco IOS 12.0 XB Cisco IOS 12.0 XA Cisco IOS 12.0 WT Cisco IOS 12.0 WC Cisco IOS 12.0 W5 Cisco IOS 12.0 T Cisco IOS 12.0 SZ Cisco IOS 12.0 SY Cisco IOS 12.0 SX Cisco IOS 12.0 ST Cisco IOS 12.0 SP Cisco IOS 12.0 SL Cisco IOS 12.0 SC Cisco IOS 12.0 S Cisco IOS 12.0 DC Cisco IOS 12.0 DB Cisco IOS 12.0 DA Cisco IOS 12.0 Cisco IOS 12.1 YJ Cisco IOS 12.1 YI Cisco IOS 12.1 YH Cisco IOS 12.1 YF Cisco IOS 12.1 YE Cisco IOS 12.1 YD Cisco IOS 12.1 YC Cisco IOS 12.1 YB Cisco IOS 12.1 XZ Cisco IOS 12.1 XY Cisco IOS 12.1 XX Cisco IOS 12.1 XW Cisco IOS 12.1 XV Cisco IOS 12.1 XU Cisco IOS 12.1 XT Cisco IOS 12.1 XS Cisco IOS 12.1 XR Cisco IOS 12.1 XQ Cisco IOS 12.1 XP Cisco IOS 12.1 XM Cisco IOS 12.1 XL Cisco IOS 12.1 XK Cisco IOS 12.1 XJ Cisco IOS 12.1 XI Cisco IOS 12.1 XH Cisco IOS 12.1 XG Cisco IOS 12.1 XF Cisco IOS 12.1 XE Cisco IOS 12.1 XD Cisco IOS 12.1 XC Cisco IOS 12.1 XB Cisco IOS 12.1 XA Cisco IOS 12.1 T Cisco IOS 12.1 M Cisco IOS 12.1 EY Cisco IOS 12.1 EX Cisco IOS 12.1 EW Cisco IOS 12.1 EV Cisco IOS 12.1 EC Cisco IOS 12.1 EB Cisco IOS 12.1 EA Cisco IOS 12.1 E Cisco IOS 12.1 DC Cisco IOS 12.1 DB Cisco IOS 12.1 DA Cisco IOS 12.1 AY Cisco IOS 12.1 AX Cisco IOS 12.1 AA Cisco IOS 12.1 Cisco IOS 12.2 ZJ Cisco IOS 12.2 ZH Cisco IOS 12.2 ZG Cisco IOS 12.2 ZF Cisco IOS 12.2 ZE Cisco IOS 12.2 ZD Cisco IOS 12.2 ZC Cisco IOS 12.2 ZB Cisco IOS 12.2 ZA Cisco IOS 12.2 YZ Cisco IOS 12.2 YY Cisco IOS 12.2 YX Cisco IOS 12.2 YW Cisco IOS 12.2 YV Cisco IOS 12.2 YU Cisco IOS 12.2 YT Cisco IOS 12.2 YS Cisco IOS 12.2 YR Cisco IOS 12.2 YQ Cisco IOS 12.2 YP Cisco IOS 12.2 YO Cisco IOS 12.2 YN Cisco IOS 12.2 YM Cisco IOS 12.2 YL Cisco IOS 12.2 YK Cisco IOS 12.2 YJ Cisco IOS 12.2 YH Cisco IOS 12.2 YG Cisco IOS 12.2 YF Cisco IOS 12.2 YD Cisco IOS 12.2 YC Cisco IOS 12.2 YB Cisco IOS 12.2 YA Cisco IOS 12.2 XW Cisco IOS 12.2 XT Cisco IOS 12.2 XS Cisco IOS 12.2 XR Cisco IOS 12.2 XQ Cisco IOS 12.2 XN Cisco IOS 12.2 XM Cisco IOS 12.2 XL Cisco IOS 12.2 XK Cisco IOS 12.2 XJ Cisco IOS 12.2 XI Cisco IOS 12.2 XH Cisco IOS 12.2 XG Cisco IOS 12.2 XF Cisco IOS 12.2 XE Cisco IOS 12.2 XD Cisco IOS 12.2 XC Cisco IOS 12.2 XB Cisco IOS 12.2 XA Cisco IOS 12.2 T Cisco IOS 12.2 SZ Cisco IOS 12.2 SY Cisco IOS 12.2 SX Cisco IOS 12.2 S Cisco IOS 12.2 MX Cisco IOS 12.2 MC Cisco IOS 12.2 MB Cisco IOS 12.2 JA Cisco IOS 12.2 DX Cisco IOS 12.2 DD Cisco IOS 12.2 DA Cisco IOS 12.2 CY Cisco IOS 12.2 CX Cisco IOS 12.2 BZ Cisco IOS 12.2 BX Cisco IOS 12.2 BW Cisco IOS 12.2 BC Cisco IOS 12.2 B Cisco IOS 12.2 12.2XU Cisco IOS 12.2 Short Summary - ------------- Some Cisco IOS versions are allegedly prone to an issue that may permit remote attackers ot execute arbitrary commands from a password prompt. Impact - ------ Remote attackers may allegedly execute shell commands on a vulnerable device without needing to authenticate. Technical Description - --------------------- It has been alleged that it is possible for remote attackers to execute arbitrary commands without proper authorization. Reportedly it is possible to execute shell commands from the password prompt on a device running a vulnerable version of Cisco IOS. The attacker must be able to connect to a vulnerable device via telnet, though it has not been ruled out that other remote administrative services such as SSH do not also present attack vectors. The discoverer of this vulnerability has stated that it is possible to exploit this issue by submitting a shell command to the password prompt, followed by a colon and a right bracket. Cisco has replied to this issue stating that it can be used to execute commands, retrieve information from the device and reveal information about traffic processed by the device. Details are available to registered Cisco users at: http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdr10025 Attack Scenarios - ---------------- The attacker must identify a vulnerable device and be able to connect to the device via telnet. The attacker exploits the vulnerability by submitting a properly formatted command via the "Enter password:" prompt. This command may be executed, potentially allowing the attacker to perform administrative actions on the device. Exploits - -------- There is no exploit required. Mitigating Strategies - --------------------- Block external access at the network boundary, unless service is required by external parties. Filter external access to devices through use of network access controls and by only allowing trusted or internal networks and hosts to connect to devices. Disable any services that are not needed. Disable remote administration services such as telnet or SSH if they are not explicitly required to manage devices. Solutions - --------- Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@...urityfocus.com <mailto:vuldb@...urityfocus.com>. Credit - ------ Discovery is credited to flairloops@...mail.com For help with interpreting the meaning of any of the sections or labels in the alert, please visit: https://alerts.symantec.com/help/sia-users/vulnerability-alert-pdf.htm View public key at: https://alerts.symantec.com/Members/gnupg-sigkey.asp Symantec Corporation The World Leader in Internet Security Technology and Early Warning Solutions Visit our website at www.symantec.com _______________________________ Symantec Deepsight Alert Services Powered by EnvoyWorldWide, Inc. _________________________________________________________________ Find a cheaper internet access deal - choose one to suit you. http://www.msn.co.uk/internetaccess
Powered by blists - more mailing lists