28 Jul
2005
28 Jul
'05
10:43 a.m.
On Wed, 27 Jul 2005, James Baldwin wrote:
Cisco had initially approved this talk. My understanding is that this has been fixed and no current IOS images were vulnerable to the techniques he was describing. ISS, Lynn, and Cisco had been working together for months on this issue before the talk.
Just because they fixed the bugs doesnt mean there arent a large number of publically accessible routers out there still running affected versions.. I suspect there was something slightly more than just giving information about the vulnerabilities.. the inference is that they demonstrated executing arbitrary code from buffer overflows.. perhaps for example they developed ways of opening up privilege vty which I dont think has been shown before Steve