11.x IOS source was floating around a few years ago. I wouldn't be surprised if more recent versions were being distributed within the underground community. /m ----- Original Message ----- From: "Joe Abley" <jabley@isc.org> To: "Andy Dills" <andy@xecu.net> Cc: "Jack Bates" <jbates@brightok.net>; "Sean Donelan" <sean@donelan.com>; "Mikael Abrahamsson" <swmike@swm.pp.se>; <nanog@merit.edu> Sent: Thursday, July 17, 2003 1:11 PM Subject: Re: Cisco IOS Vulnerability
On Thursday, Jul 17, 2003, at 15:59 Canada/Eastern, Andy Dills wrote:
On Thu, 17 Jul 2003, Jack Bates wrote:
Sendmail root exploit took less than 24 hours to craft. I suspect that this exploit will be found within 48 hours. Enough information was provided to quickly guess where the problem lies with IPv4 processing.
Sendmail is open source, IOS is not.
Knowing where the problem is and knowing how to exploit it are two entirely different situations.
If any IOS source code has ever found its way out of cisco since IOS 10.3 (and surely, that must have happened), then it seems reasonable to assume that there are people in the world currently comparing the advisory to the source.
Joe