[82717] in North American Network Operators' Group
Re: Cisco IOS Exploit Cover Up
daemon@ATHENA.MIT.EDU (Fergie (Paul Ferguson))
Thu Jul 28 11:41:03 2005
From: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>
Date: Thu, 28 Jul 2005 15:39:31 GMT
To: rbf@rbfnet.com
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
One thing that bugs me, though, is the quote that is
credited to Lynn:
[snip]
"I feel I had to do what's right for the country and the national infrastructure," he said. "It has been confirmed that bad people are working on this (compromising IOS). The right thing to do here is to make sure that everyone knows that it's vulnerable."
[snip]
http://www.securityfocus.com/news/11259
Lynn's statement would tend to make one believe that this is
yet another example of a vulnerability that is awaiting an
exploit, not one that has yet to be discovered -- a sort of
Sword of Damocles, if you will...
- ferg
-- Brett Frankenberger <rbf@rbfnet.com> wrote:
On Thu, Jul 28, 2005 at 07:03:31AM -0700, Eric Rescorla wrote:
As nearly as I can tell from reports (I wasn't there), he (1) talked
about a general way to exploit a buffer overflow to cause arbitrary
code execution (this would apply to buffer overflows generally, but
would be completely useless if you didn't know of a buffer overflow to
exploit), and (2) demonstrated his technique using a previosuly known
buffer overflow vulnerability which Cisco has already patched.
So Cisco is correct in saying that he didn't identifiy any new
vulnerabilities, and Cisco is also correct in saying that the
vulnerability he used in his presentation to demonstrate his technique
has been patched. However, the same technique will be useful on the
next buffer overflow vulnerability to be discovered.
-- Brett
