One thing that bugs me, though, is the quote that is credited to Lynn: [snip] "I feel I had to do what's right for the country and the national infrastructure," he said. "It has been confirmed that bad people are working on this (compromising IOS). The right thing to do here is to make sure that everyone knows that it's vulnerable." [snip] http://www.securityfocus.com/news/11259 Lynn's statement would tend to make one believe that this is yet another example of a vulnerability that is awaiting an exploit, not one that has yet to be discovered -- a sort of Sword of Damocles, if you will... - ferg -- Brett Frankenberger <rbf@rbfnet.com> wrote: On Thu, Jul 28, 2005 at 07:03:31AM -0700, Eric Rescorla wrote: As nearly as I can tell from reports (I wasn't there), he (1) talked about a general way to exploit a buffer overflow to cause arbitrary code execution (this would apply to buffer overflows generally, but would be completely useless if you didn't know of a buffer overflow to exploit), and (2) demonstrated his technique using a previosuly known buffer overflow vulnerability which Cisco has already patched. So Cisco is correct in saying that he didn't identifiy any new vulnerabilities, and Cisco is also correct in saying that the vulnerability he used in his presentation to demonstrate his technique has been patched. However, the same technique will be useful on the next buffer overflow vulnerability to be discovered. -- Brett