Re: Cisco IOS Exploit Cover Up

[Eric Rescorla <ekr () rtfm com>]

James Baldwin <jbaldwin () antinode net> writes:

> On Jul 28, 2005, at 3:29 AM, Neil J. McRae wrote:
>
>
> > I couldn't disagree more. Cisco are trying to control the
> > situation as best they can so that they can deploy the needed
> > fixes before the $scriptkiddies start having their fun. Its
> > no different to how any other vendor handles a exploit and
> > I'm surprised to see network operators having such an attitude.
>
> That's part of the issue: this wasn't an exploit in the sense of
> something a $scriptkiddie could exploit. The sheer technical
> requirements of the exploit itself ensure that it will only be
> reproduced by a small number of people across the globe. There was no
> source or proof of concept code released and duplicating the
> information would only provide you a method to increase the severity
> of other potential exploits. It does not create any new exploits.
> Moreover, the fix for this was already released and you have not been
> able to download a vulnerable version of the software for months
> however there was no indication from Cisco regarding the severity of
> the required upgrade. That is to say, they knew in April that
> arbitrary code execution was possible on routers, they had it fixed
> by May, and we're hearing about it now and if Cisco had its way we
> might still not be hearing about it.

Can you or someone else who was there or has some details describe
what the actual result is and what the fix was? Based on what I've
been reading, it sounds like Lynn's result was a method for exploiting
arbitrary new vulnerabilities. Are you saying that this method can't
be used in future IOS revs? 

Thanks,
-Ekr

[Eric Rescorla                                  RTFM, Inc.]