On Thu, 12 Jan 2006, Gadi Evron wrote:
In this (http://blogs.securiteam.com/wp-admin/post.php?action=edit&post=207) recent Cisco advisory, the company alerts us to a security problem with Cisco MARS (Cisco Security Monitoring Analysis and Response System).
The security issue is basically a user account on the system that will give you root when accessed. ... Now? if Cisco knowingly put it there, shame on them. If somebody put it there without their knowledge? well, shame on them.
Cisco acquired Protego in Dec 2004 and thereby acquired MARS: http://www.infoworld.com/article/04/12/20/HNciscoprotego_1.html Cisco didn't put it in there - they bought the bug for $65M. :-)
Okay, but how about other vulnerabilities of this type? Are there any more backdoors to other Cisco products? If not, why wouldn?t they just come out and say that? ?There are NO other such backdoors in our products?.
I am sure there are more. The previous one I remember was with their Riverhead purchase: http://www.cisco.com/en/US/products/products_security_advisory09186a008037d0... and before that was: http://www.cisco.com/en/US/products/products_security_advisory09186a00802119... but I don't know which company was purchased to introduce that one. I think Cisco just doesn't check the product closely enough and trusts the R&D coders and doesn't introduce an external security QA to the product being purchased. -Hank