nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Cisco IOS Exploit Cover Up

From: Brett Frankenberger <rbf () rbfnet com>
Date: Thu, 28 Jul 2005 09:37:36 -0500

On Thu, Jul 28, 2005 at 07:03:31AM -0700, Eric Rescorla wrote:


Can you or someone else who was there or has some details describe
what the actual result is and what the fix was? Based on what I've
been reading, it sounds like Lynn's result was a method for exploiting
arbitrary new vulnerabilities. Are you saying that this method can't
be used in future IOS revs? 


As nearly as I can tell from reports (I wasn't there), he (1) talked
about a general way to exploit a buffer overflow to cause arbitrary
code execution (this would apply to buffer overflows generally, but
would be completely useless if you didn't know of a buffer overflow to
exploit), and (2) demonstrated his technique using a previosuly known
buffer overflow vulnerability which Cisco has already patched.

So Cisco is correct in saying that he didn't identifiy any new
vulnerabilities, and Cisco is also correct in saying that the
vulnerability he used in his presentation to demonstrate his technique
has been patched.  However, the same technique will be useful on the
next buffer overflow vulnerability to be discovered.

     -- Brett
Previous By Date Next
Previous By Thread Next

Current thread: