RE: CiSCO IOS 12.* source code stolen

Rough translation of: http://www.securitylab.ru/45221.html
May, 15 2004
Leak of code CiSCO IOS source code?
As it became known to SecurityLab, the source code of operating system CISCO IOS 12.3, 12.3t, which is used in the majority of Cisco network devices has been stolen on May 13, 2004. The total volume of the stolen information represents about 800MB in an archive file.
According to the information available to us, the leak of fragments of the source code occurred because of a break-in into the corporate network of Cisco System.
Representatives of Cisco System have not made any comments about the break-in so far.
A person whose alias on *darknet@EFnet IRC is "franz" has given a small part of the source code (about 2.5 Mb) as proof.
Below are links to the first 100 lines of source code of:
ipv6_tcp.c: http://www.securitylab.ru/45222.html
ipv6_discovery_test.c: http://www.securitylab.ru/45223.html

Cisco source codes never were a top secret, many people around the world had access to them (and I believe, it explains Cisco's stability and success).

Alexei Roudnev wrote:
Cisco source codes never were a top secret, many people around the world had access to them (and I believe, it explains Cisco's stability and success).
... and here is to hoping that Cisco don't try to use this incident, if it gets coverage outside a narrow readership, as a marketing exercise to blame coding error exploits on anyone but the company itself - unlike our friends in Redmond.
Cisco have enough IPR to protect serious commercial exploitation of leaked code in other ways.
Peter

On Sun, 16 May 2004, Peter Galbavy wrote:
: > Cisco source codes never were a top secret, many people around the
: > world had access to them (and I believe, it explains Cisco's
: > stability and success).
:
: ... and here is to hoping that Cisco don't try to use this incident, if it
: gets coverage outside a narrow readership, as a marketing exercise to blame
: coding error exploits on anyone but the company itself - unlike our friends
: in Redmond.
Heh. Might make for a good peer review, though. At least CSCO manages to put out fixes after an exploit is released; MSFT tends to deny existence of the bug for up to months before releasing a fix. 8-)
--
-- Todd Vierling <tv@duh.org> <tv@pobox.com>

Hmm, it's all interesting. EFnet IRC again...
Does anyone have full logs of EFnet IRC conversations? We used to participate in it 6 years ago (when fighting hackers in Russia), and it was very useful for following trends (of course, after you dump heaps of junk).
----- Original Message -----
From: "Michel Py" <michel@arneill-py.sacramento.ca.us>
To: "John Kinsella" <jlk@thrashyour.com>; <nanog@merit.edu>
Sent: Saturday, May 15, 2004 1:45 PM
Subject: RE: CiSCO IOS 12.* source code stolen
Rough translation of: http://www.securitylab.ru/45221.html
May, 15 2004
Leak of code CiSCO IOS source code?
As it became known to SecurityLab, the source code of operating system CISCO IOS 12.3, 12.3t, which is used in the majority of Cisco network devices has been stolen on May 13, 2004. The total volume of the stolen information represents about 800MB in an archive file.
According to the information available to us, the leak of fragments of the source code occurred because of a break-in into the corporate network of Cisco System.
Representatives of Cisco System have not made any comments about the break-in so far.
A person whose alias on *darknet@EFnet IRC is "franz" has given a small part of the source code (about 2.5 Mb) as proof.
Below are links to the first 100 lines of source code of:
ipv6_tcp.c: http://www.securitylab.ru/45222.html
ipv6_discovery_test.c: http://www.securitylab.ru/45223.html

You do not have to steal the code, you can buy a cisco router from an equipment reseller and have all the access you want.....
-Henry

On Sun, 16 May 2004, Henry Linneweh wrote:
You do not have to steal the code, you can buy a cisco router from an equipment reseller and have all the access you want.....
I wasn't aware you got a source license when you purchased Cisco gear. I need to have a talk with my reseller...
smart-assitude aside, I do hope fallout is minimal and easily worked around. Hopefully even the script kiddies and other black hats understand that undermining the infrastructure of the 'net would make all of their DDOS and SPAM zombies unusable.
-S
--
Scott Call Router Geek, ATGi, home of $6.95 Prime Rib
I make the world a better place, I boycott Wal-Mart
VoIP incoming: +1 360-382-1814

Scott Call <scall@devolution.com> writes:
smart-assitude aside, I do hope fallout is minimal and easily worked around. Hopefully even the script kiddies and other black hats understand that undermining the infrastructure of the 'net would make all of their DDOS and SPAM zombies unusable.
s/unusable/redundant/. don't get your hopes up.
---rob

I should not be too aware of the possible usage of this source code for the exploit development; Cisco have a very few points, where it parses/processes IP packets, and most of such points are filtered out in most Cisco's.
Much more serious is _trade secrets_ issue. Of course, no one can take these codes and use them on their equipment, or grab library and reuse it. But, unfortunately, Cisco's codes should have many small tricks, smart design solutions and so on, which makes IOS so efficient, and these things can be reused by competitors (unfortunately for Cisco, only a few West countries respect author's rights, in other people are free to purchase these source codes from the hacker and use as much as they do want).
(Of course, this leak can result in a few more SNMP exploits - but it is well known Issue /it is impossible to write out safe code for ASN.1 parser, in real world/ - what's a surprise!).
----- Original Message -----
From: "Scott Call" <scall@devolution.com>
To: <nanog@merit.edu>
Sent: Sunday, May 16, 2004 1:02 AM
Subject: Re: CiSCO IOS 12.* source code stolen
On Sun, 16 May 2004, Henry Linneweh wrote:
You do not have to steal the code, you can buy a cisco router from an equipment reseller and have all the access you want.....
I wasn't aware you got a source license when you purchased Cisco gear. I need to have a talk with my reseller...
smart-assitude aside, I do hope fallout is minimal and easily worked around. Hopefully even the script kiddies and other black hats understand that undermining the infrastructure of the 'net would make all of their DDOS and SPAM zombies unusable.
-S
--
Scott Call Router Geek, ATGi, home of $6.95 Prime Rib
I make the world a better place, I boycott Wal-Mart
VoIP incoming: +1 360-382-1814

smart-assitude aside, I do hope fallout is minimal and easily worked around. Hopefully even the script kiddies and other black hats understand that undermining the infrastructure of the 'net would make all of their DDOS and SPAM zombies unusable.
It's hard to say what the fallout would be, but really.. When ios-11.2-8-src.tar.gz appeared online years ago.. What really happened with that? Not too much, iirc.

participants (8)
- Alexei Roudnev
- Erik Parker
- Henry Linneweh
- Michel Py
- Peter Galbavy
- Robert E. Seastrom
- Scott Call
- Todd Vierling