Cisco IOS Vulnerability
Joe Abley
jabley at isc.org
Thu Jul 17 20:11:21 UTC 2003
On Thursday, Jul 17, 2003, at 15:59 Canada/Eastern, Andy Dills wrote:
> On Thu, 17 Jul 2003, Jack Bates wrote:
>
>> Sendmail root exploit took less than 24 hours to craft. I suspect that
>> this exploit will be found within 48 hours. Enough information was
>> provided to quickly guess where the problem lies with IPv4 processing.
>
> Sendmail is open source, IOS is not.
>
> Knowing where the problem is and knowing how to exploit it are two
> entirely different situations.
If any IOS source code has ever found its way out of cisco since IOS
10.3 (and surely, that must have happened), then it seems reasonable to
assume that there are people in the world currently comparing the
advisory to the source.
Joe
More information about the NANOG
mailing list