Bugtraq mailing list archives
Re: Cisco 6509 switch telnet vulnerability
From: twig les <twigles () yahoo com>
Date: Sat, 4 Oct 2003 19:25:39 -0700 (PDT)
I could not replicate this on a 6509 using remote authentication and secureID, and those are the only ones we have around. Has anyone been able to replicate this?

--- Bob Niederman <btrq () bob-n com> wrote:
> While this is clearly a bug, the example given does not show that it's serious. The example (and the statement "...as long as they are followed by a space and a ?") shows that you have gotten the syntax for the next parameter of the command, not that you have executed it.
>
> ---
> My mail server bit-buckets mail to this address which is not from securityfocus.com servers. To email me, send to bob AT bob-n DOT com
>
> On 3 Oct 2003, Chris Norton wrote:
>
> > A vulnerability has been found on Cisco 6509 switches. The vulnerability was found to work on 2 different Cisco 6509 switches running CATOS 5.4(2) and 5.5(2). The vulnerability can lead to information and commands being executed on the remote switch from the login prompt. Commands can be executed at the Enter password: prompt as long as they are followed by a space and a ? Proof of concept below:
> >
> > Cisco Systems Console
> > Enter password:
> > <data_size> Size of the packet (0..1420)
> > <cr>
> > Enter password: traceroute 127.0.0.1
> >
> > This vulnerability has yet to be confirmed by Cisco but they have been alerted about it.
Current thread:
- Cisco 6509 switch telnet vulnerability Chris Norton (Oct 03)
- Re: Cisco 6509 switch telnet vulnerability Wendy Garvin (Oct 04)
- Re: Cisco 6509 switch telnet vulnerability Bob Niederman (Oct 04)
- Re: Cisco 6509 switch telnet vulnerability twig les (Oct 06)