| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu Jan 12 18:45:34 2006 From: amit_juniperind at yahoo.co.in (Amit Sharma) Subject: FWD Cisco IOS Remote Command Execution Vulnerability > Vulnerability Bugtraq ID 16069 The BID itself points to someother bug. PJ Amit "ad@...poverflow.com" <ad@...poverflow.com> wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Im sure it's a fake , there is the word "InfoSecBOFH" in it several times :>>>> terry comma wrote: > -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec > Vulnerability Alert Cisco IOS Remote Command Execution > Vulnerability Bugtraq ID 16069 CVE CVE-PLH-NOMATCH Published Jan 09 > 2006 6:22:69 PM GMT Remote Yes Local No Credibility Vendor > Confirmed Classification Access Validation Error Ease No Exploit > Required Availability Always Impact 9.3 Severity 8.1 Urgency Rating > 9.4 Last Change Cisco has responded to this issue; see Technical > Information and References for details. > > Vulnerable Systems - ------------------ Cisco IOS 12.2 T Cisco IOS > 12.2 SZ Cisco IOS 12.2 SY Cisco IOS 12.2 SX Cisco IOS 12.2 S Cisco > IOS 12.2 MX Cisco IOS 12.2 MC Cisco IOS 12.2 MB Cisco IOS 12.2 JA > Cisco IOS 12.2 DX Cisco IOS 12.2 DD Cisco IOS 12.2 DA Cisco IOS > 12.2 CY Cisco IOS 12.2 CX Cisco IOS 12.2 BZ Cisco IOS 12.2 BX Cisco > IOS 12.2 BW Cisco IOS 12.2 BC Cisco IOS 12.2 B Cisco IOS 12.2 > 12.2XU Cisco IOS 12.2 > > Short Summary - ------------- Some Cisco IOS versions are allegedly > prone to an issue that may permit gay people to execute arbitrary > commands from a password prompt. > > Impact - ------ Remote attackers with small dicks may allegedly > execute shell commands on a vulnerable device without needing to > authenticate. > > Technical Description - --------------------- It has been alleged > that it is possible for remote attackers to execute arbitrary > commands without proper authorization. Reportedly it is possible to > execute shell commands from the password prompt on a device. The > attacker must have a small dick and be able to connect to a > vulnerable device via telnet, although it has not been ruled out > that bigger dicks may present other attack vectors. The discoverer > of this vulnerability has stated that it is possible to exploit > this issue by inputting 'IamGay!' at the password prompt. Cisco has > replied stating that only InfoSecBOFH is gay enough to exploit this > issue. Details are available to registered Cisco users at: > http://www.cisco.com/pcgi-bin/Support/InfoSecBOFH/ishegay.pl?bugid=CSCdr16069 > > > Attack Scenarios - ---------------- The attacker must identify a > vulnerable device and be in possession of a small dick. > > Exploits - -------- There is no exploit required. > > Mitigating Strategies - --------------------- Block InfoSecBOFH > access at the network boundary, unless the service is required by > external third party gay porn sites. > > Solutions - --------- Currently we are not aware of any > vendor-supplied patches for this issue. If you feel we are in error > or are aware of more recent information, please mail us at: vuldb > at securityfocus.com . > > Credit - ------ Discovery is credited to InfoSecBOFH at gmail.com > > For help with interpreting the meaning of any of the sections or > labels in the alert, please visit: > https://alerts.symantec.com/help/sia-users/vulnerability-alert-pdf.htm > View public key at: > https://alerts.symantec.com/Members/gnupg-sigkey.asp Symantec > Corporation The World Leader in Internet Security Technology and > Early Warning Solutions Visit our website at www.symantec.com > > > _______________________________ Symantec Deepsight Alert Services > Powered by EnvoyWorldWide, Inc. > > ---------------------------------------------------------------------- > Yahoo! Photos Ring in the New Year with Photo Calendars > . > Add photos, events, holidays, whatever. > > ---------------------------------------------------------------------- > > > _______________________________________________ Full-Disclosure - > We believe in it. Charter: > http://lists.grok.org.uk/full-disclosure-charter.html Hosted and > sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iQIVAwUBQ8Lik6+LRXunxpxfAQLJaBAAvOi5Mk+AFH20g7nDykqxr6MUeRymI6hu IT0smT4zRFaWVPAwJ9dDNzYiEirGTp9Ntu4Z0gg3XKyRRHE6z4h/VP7JesSx38BY VexIf60ozah8BKCef/V7CTEX2xUTd5ePVhYkVUpfinN7QeWaDywTFArzohuCAGFP iIGCWwdVogX92ouo8JkOjvVJV/jFF8dzIwzKbzkCG63ut9dssCiwJ9CzNiQc3ugJ pF2Ml10g/fbfi8qR+X+JOO3CZjGnzFYZYHqyFB2dkrR5WX8DerYDzjbWGJQWWPpX mmWTmEyD6Obl6lSoswnu+cO9cfZ8o6/YReBN43jMMznTnCGTFviFonGgQLFaAGvL 9OxkpEDdRVmX5awwLOKAejfkBpjcAeswQMRf0Obv45R8+lPNz60WsvDGH7L+UDwk w5HdtTUplTo+TjAQS7aygGl5cgArCFJ77GVKUt41FCd5mwOqyXh60OyCmXyqLbRJ rnMHTGlDLRflhZq/0no1P7pz+FjPhZZFGcMKQzs3wUWuLrzV1uQK2LTFebDoUXGh J0DitlEkq0laQ0V0sGYWB/XlsRUP0iVx6snMZrZ7+uNzFerEWx5NnVFG7RpPYFcF Tk/9w4ChIGOAZEQkpwGj4xgOeZVpBHK+E+SCjKdkqUBRi+M8gGDg90oFkQi/YtS7 Vao9kgMakoU= =1vmI -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ Send instant messages to your online friends http://in.messenger.yahoo.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060112/6afd8e9a/attachment.html
Powered by blists - more mailing lists