Full Disclosure: Re: IRM Discover More Vulnerabilities in Cisco IOS

[<full-disclosure () mac hush com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

shut up pdp

On Tue, 23 Oct 2007 14:31:52 -0400 reepex <reepex () gmail com> wrote:
> ----
> Bug 1:
> "The Line Printer Daemon, which provides print server
> functionality in
> Cisco IOS is vulnerable to a software flaw whereby the length of
> the
> hostname of the router is not checked before being copied into a
> fixed
> size memory buffer. ..... However, the attacker must be able to
> control the hostname of the router, which could be achieved via
> SNMP."
>
> Ok... so for this "remote" attack the victim would need a badly
> configured snmp listening public... ok pdp architect
>
> ---
> Bug 2:
> Cisco say its cross-site scripting
>
> Ok you are still stealing pdp architect's research
> ---
>
> Bug 3-7,10-15
> "Local" attacks on a cisco - lulz
>
> Not even pdp would go this low
> ---
>
> Bug 8,9: no info - im sure its elite though
>
> Having a bug but releasing no info - sounds like drraid and pdp
> architec to me
>
> -----
>
> so basically you found a bunch of local bugs in ciscos and a bug
> if
> you can control snmp - way to go - your "grep -r strcpy *" skills
> are
> quiet strong. Eeye and idefense would glady hire you.
>
> Do you wonder why you found 12 bugs and get no press but michael
> lynn
> finds a couple and cisco is throwing lawyers and lawsuits at him? -
> --
> its probably because his mattered and yours are a joke - just like
> you
> and your company.
>
>
> On 10/23/07, Andy Davis <andy.davis () irmplc com> wrote:
> > In the last three months IRM has discovered a total of 13 new
> security
> > vulnerabilities in Cisco IOS. These vulnerabilities were
> reported to
> > Cisco and have all been allocated PSIRT reference numbers while
> the root
> > cause and potential impact of each is investigated. Cisco has
> taken all
> > the vulnerability reports extremely seriously and has already
> started
> > releasing patches and workarounds to mitigate them (e.g.
> > http://www.cisco.com/warp/public/707/cisco-sr-20071010-
> lpd.shtml). As
> > the remaining patches or workarounds are developed, IRM will
> release
> > security advisories, which will include full technical details
> of each
> > vulnerability and links to patch download information.
> >
> > More information about the new vulnerabilities discovered is
> available
> > here:
> >
> > http://www.irmplc.com/index.php/111-Vendor-Alerts
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 2.5

wpwEAQECAAYFAkceQBUACgkQqTTbVuUWvbLNnwQAlOLcbkRkqv4Ainy6ZfISAsTR3wXl
rxUvX+C5qRS4NW/lZ55e1wHe2GDt3gpfpstIKwTbnt/N6FqGDNFx6UO/KyjHY8sRc058
RSi9uGiWviRS35j9RBMj+44z1rMDnfATvcJ2YUsLdStjmMg2zuCkas205NA/PQEO0422
TR3IbsQ=
=VYiE
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/