nanog mailing list archives

Re: Cisco IOS Exploit Cover Up

From: Andre Ludwig <andre.ludwig () gmail com>
Date: Wed, 27 Jul 2005 16:16:58 -0400


Damn he sure did cause a shit storm AGAIN..

from the crn article it looks like they might have him pinned on an
NDA violation.. (taking a shot in the dark)

quote below.

"Cisco respects and encourages the work of independent research
scientists; however, we follow an industry established disclosure
process for communicating to our customers and partners," the company
said in a statement released Wednesday. "It is especially regretful,
and indefensible, that the Black Hat Conference organizers have given
Mr. Lynn a platform to publicly disseminate the information he
illegally obtained."


Which i find is funny because i know that for years people have been
beating up on him for more info into the cisco wireless cards that he
had access to under NDA.  He never once budged from what i know of and
heard.

Damn guess we will have to wait and see what happens, to bad i missed the talk. 



On 7/27/05, Fergie (Paul Ferguson) <fergdawg () netzero net> wrote:



For what ot's worth, this story is running in the
popular trade press:

"Cisco nixes conference session on hacking IOS router code"
http://www.networkworld.com/news/2005/072705-cisco-ios.html

- ferg


-- "Hannigan, Martin" <hannigan () verisign com> wrote:


For those who like to keep abreast of security issues, there are
interesting developments happening at BlackHat with regards to Cisco
IOS and its vulnerability to arbitrary code executions.

I apologize for the article itself being brief and lean on technical
details, but allow me to say that it does represent a real problem
(as in practical and confirmed):

http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_
hole_.html



Yes, practical _and_ confirmed, but you'll never get $vendor to
admit it, which is the problem to begin with.


-M<

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/

Current thread:

Cisco IOS Exploit Cover Up James Baldwin (Jul 27)
- Re: Cisco IOS Exploit Cover Up James Baldwin (Jul 27)
- <Possible follow-ups>
- RE: Cisco IOS Exploit Cover Up Hannigan, Martin (Jul 27)
- RE: Cisco IOS Exploit Cover Up Fergie (Paul Ferguson) (Jul 27)
  - Re: Cisco IOS Exploit Cover Up Andre Ludwig (Jul 27)
  - RE: Cisco IOS Exploit Cover Up Dan Hollis (Jul 27)
    - RE: Cisco IOS Exploit Cover Up Neil J. McRae (Jul 28)
    - Re: Cisco IOS Exploit Cover Up Florian Weimer (Jul 28)
    - Re: Cisco IOS Exploit Cover Up Leo Bicknell (Jul 28)
    - Re: Cisco IOS Exploit Cover Up Christopher L. Morrow (Jul 28)
    - Re: Cisco IOS Exploit Cover Up James Baldwin (Jul 28)
    - Re: Cisco IOS Exploit Cover Up Eric Rescorla (Jul 28)
    - Re: Cisco IOS Exploit Cover Up Brett Frankenberger (Jul 28)
    - Re: Cisco IOS Exploit Cover Up Florian Weimer (Jul 28)
    - RE: Cisco IOS Exploit Cover Up Scott Morris (Jul 28)

(Thread continues...)