Home page logo

basics logo Security Basics mailing list archives

Re: Mike Lynn released information about a hacking Cisco IOS
From: routerg <routerg () gmail com>
Date: Fri, 5 Aug 2005 09:40:06 -0400

Also expense.  There are tones of 2500's running 10.* and 11.* that
would require either upgrading memory and flash or even the whole
platform.  The mass amount of organizations not that concerned with
network security probably don't want to spend the money to upgrade.

But unfortunately yeah, upgrade for now.

On 8/3/05, McKinley, Jackson <Jackson.McKinley () team telstra com> wrote:
Hash: SHA1

 Other problem people face and im sure others do as well with patching
equipment is "Certs" some devices are cleared for work on set OS lvls.
For instance the new PIX OS code isnt EAL4 cert..

So patching isnt always an option.

Layered defence is the best option I say.  That way one weakness can be
removed by a second system.

- -----Original Message-----
From: Kelly Martin [mailto:kel () securityfocus com]
Sent: Thursday, 4 August 2005 10:42 AM
To: ddjjembe 2
Cc: security-basics () securityfocus com
Subject: Re: Mike Lynn released information about a hacking Cisco IOS

ddjjembe 2 wrote:
Last week Mike Lynn released information about a hacking Cisco IOS.
Is there a patch to protect from this vulnerability?

Just keep your routers patched and you'll be safe. He used a very new
technique with an old vulnerability that has already been patched. The
biggest issue is that people aren't used to patching their Cisco routers
because no one has even been able to prove that shellcode can run on IOS


Kelly Martin
Version: GnuPG v1.0.6 (MingW32)
Comment: For info see http://www.gnupg.org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]