Bugtraq mailing list archives
Re: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 11 Oct 2007 18:55:16 +0200
* Halvar Flake:
> So in short, they are demonstrating that
> * IF you have console access
> * AND the enable password
> * AND you enable the debugger
> you can execute code ?
>
> So all in all, it's a complete non-issue ?

Not completely. There are some configurations in which EXEC mode is not fully privileged. For instance, someone might be covertly capturing flows passing through the router. The ability to execute arbitrary code can be used to reveal that activity, and the router operator may not be authorized to do so. However, it seems to me that this is more or less a compliance thing, not a security issue.