[82685] in North American Network Operators' Group
RE: Cisco IOS Exploit Cover Up
daemon@ATHENA.MIT.EDU (Fergie (Paul Ferguson))
Wed Jul 27 16:10:59 2005
From: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>
Date: Wed, 27 Jul 2005 20:09:00 GMT
To: hannigan@verisign.com
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
For what ot's worth, this story is running in the
popular trade press:
"Cisco nixes conference session on hacking IOS router code"
http://www.networkworld.com/news/2005/072705-cisco-ios.html
- ferg
-- "Hannigan, Martin" <hannigan@verisign.com> wrote:
>
> For those who like to keep abreast of security issues, there are
> interesting developments happening at BlackHat with regards to Cisco
> IOS and its vulnerability to arbitrary code executions.
>
> I apologize for the article itself being brief and lean on technical
> details, but allow me to say that it does represent a real problem
> (as in practical and confirmed):
>
> http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_
> hole_.html
>
Yes, practical _and_ confirmed, but you'll never get $vendor to
admit it, which is the problem to begin with.
-M<
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or fergdawg@sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/
