Bugtraq mailing list archives

Re: Cisco device HTTP exploit...

From: Damir Rajnovic <gaus () cisco com>
Date: Wed, 04 Jul 2001 07:02:13 +0100

Hello there,

At 16:57 03/07/2001 +1000, Marc-Adrian Napoli wrote:

i cant seem to recreate this exploit on any of my 1900/2900/2500/2600's?


I can just restate the advisory, this exploit is dependant on the
combination of the IOS version and the HW. For that reason a 'magic'
number is different in some cases. As it seems now, some combinations
look like immune to this attack. I am not surprised that it is so, so
you do not have to be either.

Cheers,

Gaus

P.S.

It was really interesting watching some of "exploits" that has been
posted on the list. That one really brighten my day.

Gaus
==============
Damir Rajnovic <psirt () cisco com>, PSIRT Incident Manager, Cisco Systems
<http://www.cisco.com/warp/public/707/sec_incident_response.shtml>
Phone: +44 7715 546 033
4 The Square, Stockley Park, Uxbridge, MIDDLESEX UB11 1BN, GB
==============
There is no insolvable problems. Question remains: can you 
accept the solution?

Current thread:

Cisco device HTTP exploit... Half Adder (Jul 02)
- Re: Cisco device HTTP exploit... Marc-Adrian Napoli (Jul 03)
  - Re: Cisco device HTTP exploit... Damir Rajnovic (Jul 04)
- Re: Cisco device HTTP exploit... Grzegorz Krawczyk (Jul 03)
- <Possible follow-ups>
- RE: Cisco device HTTP exploit... Thornton, Simon (Simon)** CTR ** (Jul 05)