Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Cisco Security Advisory: IOS HTTP authorization vulnerability
From: "David Hyams" <david.hyams () kmu-security ch>
Date: Fri, 29 Jun 2001 12:30:30 +0200

----- Original Message -----
From: "Oliver Petruzel" <opetruzel () cox rr com>

(don't even get me started on the amount of info flying around networks
now via plaintext SNMP because of enterprise managaement consoles and
(soon to be nearly pointless) IDS systems.. Uhhg)

SNMP ? Did somebody mention SNMP?? My favorite protocol :-)
Seriously though, Cisco devices support SNMP V3, pity nobody bothers to use
it. I once heard there are add on products for network management systems
that support SNMP V3, but they're expensive. Would somebody like to start
"opensnmp", dedicated to open source implementations of "decent" SNMP agents
and tools? (Home page www.opensnmp.org maybe ?)

SIDE NOTE: I'd be VERY interested in seeing the process for discovery of
this latest cisco hole.  I havent been able to track down the logic used
in discovering the /xx/exec capability...

Well, don't laugh, but I was actually trying to study for the CCNA exam. I
was playing with a router and switch in the lab to get to know IOS better. I
eventually got bored and started playing with HTTP instead. On one of the
devices (can't remember which one), I noticed a URL of the form
http:://level/15/exec/... It seemed that the number 15 had something to do
with access levels, so I decided to try the number 42 just to see what
(Douglas Adams fans will instantly realise why 42 was a good number to try)

One more point before I forget - when I reported the problem to Cisco I was
amazed that nobody else had noticed it before. Maybe some people are
spending too much time looking for bugs in IIS?


David Hyams
david.hyams () kmu-security ch

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]