| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Oct 2007 14:40:21 -0400 From: <full-disclosure@....hush.com> To: <andy.davis@...plc.com>, <full-disclosure@...ts.grok.org.uk>, <reepex@...il.com> Subject: Re: IRM Discover More Vulnerabilities in Cisco IOS -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 shut up pdp On Tue, 23 Oct 2007 14:31:52 -0400 reepex <reepex@...il.com> wrote: >---- >Bug 1: >"The Line Printer Daemon, which provides print server >functionality in >Cisco IOS is vulnerable to a software flaw whereby the length of >the >hostname of the router is not checked before being copied into a >fixed >size memory buffer. ..... However, the attacker must be able to >control the hostname of the router, which could be achieved via >SNMP." > >Ok... so for this "remote" attack the victim would need a badly >configured snmp listening public... ok pdp architect > >--- >Bug 2: >Cisco say its cross-site scripting > >Ok you are still stealing pdp architect's research >--- > >Bug 3-7,10-15 >"Local" attacks on a cisco - lulz > >Not even pdp would go this low >--- > >Bug 8,9: no info - im sure its elite though > >Having a bug but releasing no info - sounds like drraid and pdp >architec to me > >----- > >so basically you found a bunch of local bugs in ciscos and a bug >if >you can control snmp - way to go - your "grep -r strcpy *" skills >are >quiet strong. Eeye and idefense would glady hire you. > >Do you wonder why you found 12 bugs and get no press but michael >lynn >finds a couple and cisco is throwing lawyers and lawsuits at him? - >-- >its probably because his mattered and yours are a joke - just like >you >and your company. > > >On 10/23/07, Andy Davis <andy.davis@...plc.com> wrote: >> In the last three months IRM has discovered a total of 13 new >security >> vulnerabilities in Cisco IOS. These vulnerabilities were >reported to >> Cisco and have all been allocated PSIRT reference numbers while >the root >> cause and potential impact of each is investigated. Cisco has >taken all >> the vulnerability reports extremely seriously and has already >started >> releasing patches and workarounds to mitigate them (e.g. >> http://www.cisco.com/warp/public/707/cisco-sr-20071010- >lpd.shtml). As >> the remaining patches or workarounds are developed, IRM will >release >> security advisories, which will include full technical details >of each >> vulnerability and links to patch download information. >> >> More information about the new vulnerabilities discovered is >available >> here: >> >> http://www.irmplc.com/index.php/111-Vendor-Alerts >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wpwEAQECAAYFAkceQBUACgkQqTTbVuUWvbLNnwQAlOLcbkRkqv4Ainy6ZfISAsTR3wXl rxUvX+C5qRS4NW/lZ55e1wHe2GDt3gpfpstIKwTbnt/N6FqGDNFx6UO/KyjHY8sRc058 RSi9uGiWviRS35j9RBMj+44z1rMDnfATvcJ2YUsLdStjmMg2zuCkas205NA/PQEO0422 TR3IbsQ= =VYiE -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists