[82718] in North American Network Operators' Group
RE: Cisco IOS Exploit Cover Up
daemon@ATHENA.MIT.EDU (Buhrmaster, Gary)
Thu Jul 28 12:23:22 2005
Date: Thu, 28 Jul 2005 08:14:13 -0700
From: "Buhrmaster, Gary" <gtb@slac.stanford.edu>
To: "Network Fortius" <netfortius@gmail.com>, <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
The video *might* be available on the Washington Post later today.
From http://netsec.blogspot.com/
"Michael Lynn's "The Holy Grail: Cisco Shellcode and Remote Execution" =
presentation blew the doors off of Caesar's Palace Today with a full=20
shell code exec capabilities for nearly ANY Cisco vulnerability. If=20
your organization hasn't updated any Cisco IOS-based devices lately,=20
the devices may be under someone else's control.
The story from Michael Lynn proceed like this: He discovered clues=20
that there was an issue being exploited when reading translated=20
Chinese hacker sites that alluded to the issue. It was likely=20
discovered after the theft of the Cisco Source code in May 2004=20
which was itself part of a larger series of intrusions. Upon further=20
research leading to the development of working proo-of-concept code,=20
he and his former employer ISS notified Cisco. Cisco patched the=20
issue silently in April but never issued an advisory as to the=20
seriousness of the issue. Cisco has since pulled all older, vulnerable =
versions of IOS from it's web site. After discovering that ISS was=20
allow Lynn to present on the issue, Cisco CEO John Chambers attempted=20
to censor the issue. When ISS stood it's ground, John Chambers=20
requested that the US Government intervene as a matter of national=20
security to no apparent avail.
The popular press is starting to pick up on the issue now and I hear=20
rumour that Michael's presentation MIGHT be made available in video=20
via the Washington Post web site tomorrow."
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On=20
> Behalf Of Network Fortius
> Sent: Wednesday, July 27, 2005 6:39 PM
> To: nanog@merit.edu
> Subject: Re: Cisco IOS Exploit Cover Up
>=20
>=20
> I have been searching the net since this morning, for "The Holy =20
> Grail: Cisco IOS Shellcode Remote Execution", or variations of such. =20
> This seems to be - at the moment - the most thought after torrent ...
>=20
> Stef
> Network Fortius, LLC
>=20
> On Jul 27, 2005, at 8:13 PM, Daniel Golding wrote:
>=20
> >
> >
> > Since the talk was actually delivered - does anyone have a =20
> > transcript or a
> > torrent for audio/video?
> >
> > - Dan
> >
> > On 7/27/05 8:10 PM, "Jeff Kell" <jeff-kell@utc.edu> wrote:
> >
> >
> >>
> >> Cisco's response thus far:
> >>
> >> http://www.cisco.com/en/US/about/security/intelligence/=20
> >> MySDN_CiscoIOS.html
> >>
> >> Jeff
> >>
> >
> >
> >
> >
>=20
>=20
