On Thu, 28 Jul 2005, Mark Owen wrote:
> Cisco had the exploit fixed in April and no longer offers the exploitable OS for download on their site.

To summarize a couple of points:

1. Cisco fixes exploit in April.
2. IOS Simplification occurs in April, effectively removing all old versions of code from their website.
3. IOS Simplification is explained (in macro terms) as a way to help customers navigate available versions; in micro terms, they were helping their litigation issues around NetFlow Acceleration.

So... did IOS Simplification also give them a convenient / coincidental method of patching the vuln. that Lynn used in his exploit presentation? Or to put it another way: what else got fixed with IOS Simplification that we don't know about?

One could speculate that the events listed above lead you to a good stake in the ground as to whether or not your code is vulnerable: if it's currently downloadable... it must be good! <snicker>

Another observation: given the audience of Black Hat (well-connected network types with a penchant for distributing information ahead of the curve), why is there so little factual information about what was presented?

- Scott
On Thu, Jul 28, 2005 at 01:34:15PM -0500, Scott Altman wrote:
> On Thu, 28 Jul 2005, Mark Owen wrote:
> > Cisco had the exploit fixed in April and no longer offers the exploitable OS for download on their site.
>
> To summarize a couple of points:
>
> 1. Cisco fixes exploit in April.
> 2. IOS Simplification occurs in April, effectively removing all old versions of code from their website.
> 3. IOS Simplification is explained (in macro terms) as a way to help customers navigate available versions; in micro terms, they were helping their litigation issues around NetFlow Acceleration.
>
> So... did IOS Simplification also give them a convenient / coincidental method of patching the vuln. that Lynn used in his exploit presentation? Or to put it another way: what else got fixed with IOS Simplification that we don't know about?
I kinda doubt it; some platforms (e.g. GSR, "76k") only run specific releases. No 12.4 for your GSR.
> One could speculate that the events listed above lead you to a good stake in the ground as to whether or not your code is vulnerable: if it's currently downloadable... it must be good! <snicker>
>
> Another observation: given the audience of Black Hat (well-connected network types with a penchant for distributing information ahead of the curve), why is there so little factual information about what was presented?
Random guess: the threat isn't that great. I'm (guessing) you already need at least first level access to the router, and at that point you can likely peek at all sorts of things. Buffer overflows are nothing "new"; the real key is how to limit the impact of them. I think the general solution is IPC + protected mem, but I'm no programmer.

-- 
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/
My statements are only mine.