Home page logo
/

nanog logo nanog mailing list archives

Re: Cisco, haven't we learned anything? (technician reset)
From: Hank Nussbacher <hank () efes iucc ac il>
Date: Thu, 12 Jan 2006 16:16:21 +0200 (IST)


On Thu, 12 Jan 2006, Gadi Evron wrote:

In this
(http://blogs.securiteam.com/wp-admin/post.php?action=edit&post=207) recent
Cisco advisory, the company alerts us to a security problem
with Cisco MARS (Cisco Security Monitoring Analysis and Response System).

The security issue is basically a user account on the system that will
give you root when accessed.
...
Now? if Cisco knowingly put it there, shame on them. If somebody put it
there without their knowledge? well, shame on them.

Cisco acquired Protego in Dec 2004 and thereby acquired MARS:
http://www.infoworld.com/article/04/12/20/HNciscoprotego_1.html

Cisco didn't put it in there - they bought the bug for $65M. :-)


Okay, but how about other vulnerabilities of this type? Are there any more
backdoors to other Cisco products?
If not, why wouldn?t they just come out and say that?
?There are NO other such backdoors in our products?.

I am sure there are more.  The previous one I remember was with their
Riverhead purchase:
http://www.cisco.com/en/US/products/products_security_advisory09186a008037d0c5.shtml

and before that was:
http://www.cisco.com/en/US/products/products_security_advisory09186a00802119c8.shtml
but I don't know which company was purchased to introduce that one.

I think Cisco just doesn't check the product closely enough and trusts the
R&D coders and doesn't introduce an external security QA to the product
being purchased.

-Hank


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]