[39270] in North American Network Operators' Group
Re: Cisco IOS Vulnerability
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Fri Jun 29 23:56:33 2001
Message-ID: <3B3D50C1.D88C5A0A@netmore.net>
Date: Fri, 29 Jun 2001 21:08:33 -0700
From: Roland Dobbins <rdobbins@netmore.net>
Reply-To: rdobbins@netmore.net
MIME-Version: 1.0
To: Larry Diffey <ldiffey@technologyforward.com>
Cc: nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
Now, if we could just stop people from posting to email lists
using HTML and/or RTF-formatted mail . . .
Larry Diffey wrote:
>
> CERT and Cisco have issued a warning about a vulnerability in the
> Cisco IOS starting at version 11.3 and affecting all later versions.
>
> If your Cisco equipment is HTTP enabled and you're not using TACACS+
> or RADIUS for authentication it is vulnerable to complete takeover.
> The hack is very simple.
>
> Please read the Cisco warning and/or the CERT advisory for further
> information.
>
> The warnings were released yesterday.
>
> Happy Hacker Stopping.
>
> Larry Diffey
>
--
------------------------------------------------------------
Roland Dobbins <rdobbins@netmore.net> // 408.859.4137 voice
