Cisco IOS Vulnerability

• Previous message (by thread): Cisco IOS Vulnerability
• Next message (by thread): Cisco IOS Vulnerability
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

11.x IOS source was floating around a few years ago.  I wouldn't be
surprised if more recent versions were being distributed within the
underground community.

/m

----- Original Message -----
From: "Joe Abley" <jabley at isc.org>
To: "Andy Dills" <andy at xecu.net>
Cc: "Jack Bates" <jbates at brightok.net>; "Sean Donelan" <sean at donelan.com>;
"Mikael Abrahamsson" <swmike at swm.pp.se>; <nanog at merit.edu>
Sent: Thursday, July 17, 2003 1:11 PM
Subject: Re: Cisco IOS Vulnerability


>
>
> On Thursday, Jul 17, 2003, at 15:59 Canada/Eastern, Andy Dills wrote:
>
> > On Thu, 17 Jul 2003, Jack Bates wrote:
> >
> >> Sendmail root exploit took less than 24 hours to craft. I suspect that
> >> this exploit will be found within 48 hours. Enough information was
> >> provided to quickly guess where the problem lies with IPv4 processing.
> >
> > Sendmail is open source, IOS is not.
> >
> > Knowing where the problem is and knowing how to exploit it are two
> > entirely different situations.
>
> If any IOS source code has ever found its way out of cisco since IOS
> 10.3 (and surely, that must have happened), then it seems reasonable to
> assume that there are people in the world currently comparing the
> advisory to the source.
>
>
> Joe
>
>

• Previous message (by thread): Cisco IOS Vulnerability
• Next message (by thread): Cisco IOS Vulnerability
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]