Home page logo

nanog logo nanog mailing list archives

Re: Cisco, haven't we learned anything? (technician reset)
From: Hank Nussbacher <hank () efes iucc ac il>
Date: Thu, 12 Jan 2006 16:16:21 +0200 (IST)

On Thu, 12 Jan 2006, Gadi Evron wrote:

In this
(http://blogs.securiteam.com/wp-admin/post.php?action=edit&post=207) recent
Cisco advisory, the company alerts us to a security problem
with Cisco MARS (Cisco Security Monitoring Analysis and Response System).

The security issue is basically a user account on the system that will
give you root when accessed.
Now? if Cisco knowingly put it there, shame on them. If somebody put it
there without their knowledge? well, shame on them.

Cisco acquired Protego in Dec 2004 and thereby acquired MARS:

Cisco didn't put it in there - they bought the bug for $65M. :-)

Okay, but how about other vulnerabilities of this type? Are there any more
backdoors to other Cisco products?
If not, why wouldn?t they just come out and say that?
?There are NO other such backdoors in our products?.

I am sure there are more.  The previous one I remember was with their
Riverhead purchase:

and before that was:
but I don't know which company was purchased to introduce that one.

I think Cisco just doesn't check the product closely enough and trusts the
R&D coders and doesn't introduce an external security QA to the product
being purchased.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]