Cisco cover up

• Previous message (by thread): Cisco cover up
• Next message (by thread): Cisco cover up
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 27 Jul 2005, James Baldwin wrote:

> Cisco had initially approved this talk. My understanding is that this has been
> fixed and no current IOS images were vulnerable to the techniques he was
> describing. ISS, Lynn, and Cisco had been working together for months on this
> issue before the talk.

Just because they fixed the bugs doesnt mean there arent a large number of 
publically accessible routers out there still running affected versions..

I suspect there was something slightly more than just giving information about
the vulnerabilities.. the inference is that they demonstrated executing
arbitrary code from buffer overflows.. perhaps for example they developed ways
of opening up privilege vty which I dont think has been shown before

Steve

• Previous message (by thread): Cisco cover up
• Next message (by thread): Cisco cover up
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]