nanog mailing list archives
Re: Cisco IOS Exploit Cover Up
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 28 Jul 2005 15:46:42 +0200
* James Baldwin:
A fix had been generated with the vendor and it was time that the information to become public so network operators understood that the remote execution empty world we had lived in until now was over.
Huh? Remote code injection exploits on Cisco routers have been demonstrated before, haven't they? Previous ones were rather fragile, and the amount of knowledge and experimentation needed was rather high. Actually, this is the type of exploit I would expect to be unavailable to the general public (read: network operators) for a long, long time. If there was a perception in the community that remote code injection exploits were a non-issue on routers, then this incident was long overdue, and Cisco should be thankful because their customers can assess risks in a more realistic way. ISS is probably the real loser here because these days, their business is based to a large extent on selling access to relevant strategic information, and dissemination of any background information reduces the value of their service (or the exclusiveness of the offerrings, at the least).
Current thread:
- RE: Cisco IOS Exploit Cover Up, (continued)
- RE: Cisco IOS Exploit Cover Up Fergie (Paul Ferguson) (Jul 27)
- Re: Cisco IOS Exploit Cover Up Andre Ludwig (Jul 27)
- RE: Cisco IOS Exploit Cover Up Dan Hollis (Jul 27)
- RE: Cisco IOS Exploit Cover Up Neil J. McRae (Jul 28)
- Re: Cisco IOS Exploit Cover Up Florian Weimer (Jul 28)
- Re: Cisco IOS Exploit Cover Up Leo Bicknell (Jul 28)
- Re: Cisco IOS Exploit Cover Up Christopher L. Morrow (Jul 28)
- Re: Cisco IOS Exploit Cover Up James Baldwin (Jul 28)
- Re: Cisco IOS Exploit Cover Up Eric Rescorla (Jul 28)
- Re: Cisco IOS Exploit Cover Up Brett Frankenberger (Jul 28)
- Re: Cisco IOS Exploit Cover Up Florian Weimer (Jul 28)
- RE: Cisco IOS Exploit Cover Up Scott Morris (Jul 28)
- Re: Cisco IOS Exploit Cover Up Leo Bicknell (Jul 28)
- Re: Cisco IOS Exploit Cover Up Jason Frisvold (Jul 28)
- RE: Cisco IOS Exploit Cover Up Fergie (Paul Ferguson) (Jul 27)
- Re: Cisco IOS Exploit Cover Up James Baldwin (Jul 28)
- Re: Cisco IOS Exploit Cover Up Jared Mauch (Jul 28)
- Re: Cisco IOS Exploit Cover Up Stephen Sprunk (Jul 28)
- Re: Cisco IOS Exploit Cover Up Gordon Cook (Jul 27)
- Re: Cisco IOS Exploit Cover Up Jeff Kell (Jul 27)