lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: listuser at seifried.org (Kurt Seifried)
Subject: April 1st is here (joy). Subject: FW:*ALERT* NEW BID 10025 (URGENCY 9.3): Cisco CatOS Password

If you're going to pull an Apil 1st hoax it's gotta be a bit less obvious
then this. Although I have no doubt this will send at least a few list
members into dizzying heights of excitement (I suppose it's cheaper then a
subscription to playboy ;).

The :

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

at the top is a nice touch though, I bet some people will fall for it even
though there's nothing at the bottom.


Kurt Seifried, kurt@...fried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/


----- Original Message ----- 
From: "flair loops" <flairloops@...mail.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Wednesday, March 31, 2004 22:42
Subject: [Full-Disclosure] Subject: FW:*ALERT* NEW BID 10025 (URGENCY 9.3):
Cisco CatOS Password


>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Symantec Vulnerability Alert
>
> Cisco IOS Password Prompt Unauthorized Remote Command Execution
> Vulnerability
> Bugtraq ID 10025
> CVE CVE-MAP-NOMATCH
> Published Apr 01 2004 6:22:69 PM GMT
> Remote Yes
> Local No
> Credibility Vendor Confirmed
> Classification Access Validation Error
> Ease No Exploit Required
> Availability Always
> Authentication Not Required
>
> Impact 9.2 Severity 8.9 Urgency Rating 9.3
>
> Last Change Cisco has responded to this issue; see Technical
> Information and References for details.
>
> Vulnerable Systems
> - ------------------
> Cisco IOS 11.0
> Cisco IOS 11.1 CC
> Cisco IOS 11.1 CA
> Cisco IOS 11.1 AA
> Cisco IOS 11.1
> Cisco IOS 11.2 SA
> Cisco IOS 11.2 P
> Cisco IOS 11.2
> Cisco IOS 11.3 T
> Cisco IOS 11.3
> Cisco IOS 12.0 XW
> Cisco IOS 12.0 XV
> Cisco IOS 12.0 XU
> Cisco IOS 12.0 XS
> Cisco IOS 12.0 XR
> Cisco IOS 12.0 XQ
> Cisco IOS 12.0 XP
> Cisco IOS 12.0 XN
> Cisco IOS 12.0 XM
> Cisco IOS 12.0 XL
> Cisco IOS 12.0 XK
> Cisco IOS 12.0 XJ
> Cisco IOS 12.0 XI
> Cisco IOS 12.0 XH
> Cisco IOS 12.0 XG
> Cisco IOS 12.0 XF
> Cisco IOS 12.0 XE
> Cisco IOS 12.0 XD
> Cisco IOS 12.0 XC
> Cisco IOS 12.0 XB
> Cisco IOS 12.0 XA
> Cisco IOS 12.0 WT
> Cisco IOS 12.0 WC
> Cisco IOS 12.0 W5
> Cisco IOS 12.0 T
> Cisco IOS 12.0 SZ
> Cisco IOS 12.0 SY
> Cisco IOS 12.0 SX
> Cisco IOS 12.0 ST
> Cisco IOS 12.0 SP
> Cisco IOS 12.0 SL
> Cisco IOS 12.0 SC
> Cisco IOS 12.0 S
> Cisco IOS 12.0 DC
> Cisco IOS 12.0 DB
> Cisco IOS 12.0 DA
> Cisco IOS 12.0
> Cisco IOS 12.1 YJ
> Cisco IOS 12.1 YI
> Cisco IOS 12.1 YH
> Cisco IOS 12.1 YF
> Cisco IOS 12.1 YE
> Cisco IOS 12.1 YD
> Cisco IOS 12.1 YC
> Cisco IOS 12.1 YB
> Cisco IOS 12.1 XZ
> Cisco IOS 12.1 XY
> Cisco IOS 12.1 XX
> Cisco IOS 12.1 XW
> Cisco IOS 12.1 XV
> Cisco IOS 12.1 XU
> Cisco IOS 12.1 XT
> Cisco IOS 12.1 XS
> Cisco IOS 12.1 XR
> Cisco IOS 12.1 XQ
> Cisco IOS 12.1 XP
> Cisco IOS 12.1 XM
> Cisco IOS 12.1 XL
> Cisco IOS 12.1 XK
> Cisco IOS 12.1 XJ
> Cisco IOS 12.1 XI
> Cisco IOS 12.1 XH
> Cisco IOS 12.1 XG
> Cisco IOS 12.1 XF
> Cisco IOS 12.1 XE
> Cisco IOS 12.1 XD
> Cisco IOS 12.1 XC
> Cisco IOS 12.1 XB
> Cisco IOS 12.1 XA
> Cisco IOS 12.1 T
> Cisco IOS 12.1 M
> Cisco IOS 12.1 EY
> Cisco IOS 12.1 EX
> Cisco IOS 12.1 EW
> Cisco IOS 12.1 EV
> Cisco IOS 12.1 EC
> Cisco IOS 12.1 EB
> Cisco IOS 12.1 EA
> Cisco IOS 12.1 E
> Cisco IOS 12.1 DC
> Cisco IOS 12.1 DB
> Cisco IOS 12.1 DA
> Cisco IOS 12.1 AY
> Cisco IOS 12.1 AX
> Cisco IOS 12.1 AA
> Cisco IOS 12.1
> Cisco IOS 12.2 ZJ
> Cisco IOS 12.2 ZH
> Cisco IOS 12.2 ZG
> Cisco IOS 12.2 ZF
> Cisco IOS 12.2 ZE
> Cisco IOS 12.2 ZD
> Cisco IOS 12.2 ZC
> Cisco IOS 12.2 ZB
> Cisco IOS 12.2 ZA
> Cisco IOS 12.2 YZ
> Cisco IOS 12.2 YY
> Cisco IOS 12.2 YX
> Cisco IOS 12.2 YW
> Cisco IOS 12.2 YV
> Cisco IOS 12.2 YU
> Cisco IOS 12.2 YT
> Cisco IOS 12.2 YS
> Cisco IOS 12.2 YR
> Cisco IOS 12.2 YQ
> Cisco IOS 12.2 YP
> Cisco IOS 12.2 YO
> Cisco IOS 12.2 YN
> Cisco IOS 12.2 YM
> Cisco IOS 12.2 YL
> Cisco IOS 12.2 YK
> Cisco IOS 12.2 YJ
> Cisco IOS 12.2 YH
> Cisco IOS 12.2 YG
> Cisco IOS 12.2 YF
> Cisco IOS 12.2 YD
> Cisco IOS 12.2 YC
> Cisco IOS 12.2 YB
> Cisco IOS 12.2 YA
> Cisco IOS 12.2 XW
> Cisco IOS 12.2 XT
> Cisco IOS 12.2 XS
> Cisco IOS 12.2 XR
> Cisco IOS 12.2 XQ
> Cisco IOS 12.2 XN
> Cisco IOS 12.2 XM
> Cisco IOS 12.2 XL
> Cisco IOS 12.2 XK
> Cisco IOS 12.2 XJ
> Cisco IOS 12.2 XI
> Cisco IOS 12.2 XH
> Cisco IOS 12.2 XG
> Cisco IOS 12.2 XF
> Cisco IOS 12.2 XE
> Cisco IOS 12.2 XD
> Cisco IOS 12.2 XC
> Cisco IOS 12.2 XB
> Cisco IOS 12.2 XA
> Cisco IOS 12.2 T
> Cisco IOS 12.2 SZ
> Cisco IOS 12.2 SY
> Cisco IOS 12.2 SX
> Cisco IOS 12.2 S
> Cisco IOS 12.2 MX
> Cisco IOS 12.2 MC
> Cisco IOS 12.2 MB
> Cisco IOS 12.2 JA
> Cisco IOS 12.2 DX
> Cisco IOS 12.2 DD
> Cisco IOS 12.2 DA
> Cisco IOS 12.2 CY
> Cisco IOS 12.2 CX
> Cisco IOS 12.2 BZ
> Cisco IOS 12.2 BX
> Cisco IOS 12.2 BW
> Cisco IOS 12.2 BC
> Cisco IOS 12.2 B
> Cisco IOS 12.2 12.2XU
> Cisco IOS 12.2
>
> Short Summary
> - -------------
> Some Cisco IOS versions are allegedly prone to an issue that may
> permit remote attackers ot execute arbitrary commands from a password
> prompt.
>
> Impact
> - ------
> Remote attackers may allegedly execute shell commands on a vulnerable
> device without needing to authenticate.
>
> Technical Description
> - ---------------------
> It has been alleged that it is possible for remote attackers to execute
> arbitrary commands without proper authorization. Reportedly it is
> possible to execute shell commands from the password prompt on a device
> running a vulnerable version of Cisco IOS. The attacker must be able to
> connect to a vulnerable device via telnet, though it has not been ruled
> out that other remote administrative services such as SSH do not also
> present attack vectors.
>
> The discoverer of this vulnerability has stated that it is possible to
> exploit this issue by submitting a shell command to the password prompt,
> followed by a colon and a right bracket.
>
> Cisco has replied to this issue stating that it can be used to
> execute commands, retrieve information from the device and reveal
> information about traffic processed by the device. Details are available
> to registered Cisco users at:
> http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdr10025
>
>
> Attack Scenarios
> - ----------------
> The attacker must identify a vulnerable device and be able to connect to
> the device via telnet.
>
> The attacker exploits the vulnerability by submitting a properly
> formatted command via the "Enter password:" prompt. This command may be
> executed, potentially allowing the attacker to perform administrative
> actions on the device.
>
> Exploits
> - --------
> There is no exploit required.
>
> Mitigating Strategies
> - ---------------------
> Block external access at the network boundary, unless service is
> required by external parties.
> Filter external access to devices through use of network access controls
> and by only allowing trusted or internal networks and hosts to connect to
> devices.
>
> Disable any services that are not needed.
> Disable remote administration services such as telnet or SSH if they are
> not explicitly required to manage devices.
>
>
> Solutions
> - ---------
> Currently we are not aware of any vendor-supplied patches for this
> issue. If you feel we are in error or are aware of more recent
> information, please mail us at: vuldb@...urityfocus.com
> <mailto:vuldb@...urityfocus.com>.
>
>
> Credit
> - ------
> Discovery is credited to flairloops@...mail.com
>
>
> For help with interpreting the meaning of any of the sections or labels
> in the alert, please visit:
> https://alerts.symantec.com/help/sia-users/vulnerability-alert-pdf.htm
>
> View public key at:
> https://alerts.symantec.com/Members/gnupg-sigkey.asp
>
>
>
> Symantec Corporation
> The World Leader in Internet Security Technology and Early Warning
Solutions
> Visit our website at www.symantec.com
>
>
> _______________________________
> Symantec Deepsight Alert Services
>
> Powered by EnvoyWorldWide, Inc.
>
> _________________________________________________________________
> Find a cheaper internet access deal - choose one to suit you.
> http://www.msn.co.uk/internetaccess
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>


Powered by blists - more mailing lists