Warning: Cisco RW community backdoor.

Tue Feb 27 04:53:58 UTC 2001

On Mon, 26 Feb 2001, Omachonu Ogali wrote:

> Please, stop the damn FUD, how do you know it wasn't accidentally left
> in by a programmer doing debugging? I bet you assume all buffer overflows
> are purposely put in also, eh? Sure. I expect it to cut back on your
> confidence in Cisco IOS, but also, what's this noise about code? Do you 
> happen to have a hold on IOS source code or something that you personally
> audit?
> 
> -- 
> Omachonu Ogali
> missnglnk at informationwave.net
> http://www.informationwave.net
> 

I expect an organization as large as Cisco, with a QA section as large as
Ciscos to NOT leave things accidentally in code.

Buffer overflows, while APIMA, are accidental in nature, sometimes brought
on by incompetence, more often brought on my inexperience.

As for having IOS source, no, I don't.  I won't even say that if I did
have access to the source I would have found it.  I do know that if the
source was open, it would have been found much earlier and I will say that
every decent programmer that has put things in code for degugging COMMENTS
such code in a manner that it is easy to grep and remove.

In Ciscos defence, it appears that the ILMI community is there for ATM
functionality.  It would have been nice for them to have noticed this
"feature" in the SNMP implementation and caused the code to add it to the
config where it was PLAINLY visible.

Basically, someone, perhaps many people, knew about this issue and did not
act on it.  This is not IMHO the proper way to treat a security issue.

It has already been stated that the damage caused by this "feature" is
limited.  _ANY_ unauthorized changes to router configs is a VERY BAD thing
though and as such, this is a VERY BAD thing.

I appreciate your direct approach.  In the future, I would also appreciate
your not cursing me.  I don't know you.  You don't know me.  Lets be
professional, OK?

If you choose to reply, please do so off-list.

---
John Fraizer
EnterZone, Inc