funsec mailing list archives
Vendor: Cisco IOS Server Backdoor May Have Been Planted
From: "Fergie" <fergdawg () netzero net>
Date: Tue, 15 May 2007 18:35:54 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Via eWeek. [snip] A security vendor is questioning whether the IOS FTP Server vulnerabilities Cisco reported on May 9 may constitute an intentionally planted backdoor, as opposed to a series of programming errors that inadvertently led to a backdoor. Chris Eng, director of security services at Veracode, is suggesting that possibility given that a remote attacker would need one of the flawsimproper authorization checking in IOS FTPin order to exploit the second flawan IOS reload when transferring files via FTP. In essence, an attacker can bypass authentication and avoid giving credentials because of the first flaw. The attacker then has to overwrite the critical startup configuration file, then has to cause the router itself to reboot in order to execute the rewritten configuration file. [snip] More: http://www.eweek.com/article2/0,1759,2130100,00.asp - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) wj8DBQFGSf15q1pz9mNUZTMRAon9AJ4w18NGSaA+yo2qP8W+mMpEqJ/AhwCfT3UQ A/uVa/ZDUT/bRZwc43LHFCg= =dYSE -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Vendor: Cisco IOS Server Backdoor May Have Been Planted Fergie (May 15)