If I were to venture a guess (and it would be just that, a guess), I'd say that you're probably spot on. I wonder who's having more fun this week? The folks at Black Hat, or the folks in The Netherlands at the "Politics of Psychedelic Research" or perhaps the "Fun and Mayhem with RFID" sessions at "What the Hack"? ;-) http://www.whatthehack.org/ - ferg -- Brett Frankenberger <rbf@rbfnet.com> wrote: On Thu, Jul 28, 2005 at 07:03:31AM -0700, Eric Rescorla wrote:

Can you or someone else who was there or has some details describe what the actual result is and what the fix was? Based on what I've been reading, it sounds like Lynn's result was a method for exploiting arbitrary new vulnerabilities. Are you saying that this method can't be used in future IOS revs?

As nearly as I can tell from reports (I wasn't there), he (1) talked about a general way to exploit a buffer overflow to cause arbitrary code execution (this would apply to buffer overflows generally, but would be completely useless if you didn't know of a buffer overflow to exploit), and (2) demonstrated his technique using a previosuly known buffer overflow vulnerability which Cisco has already patched. So Cisco is correct in saying that he didn't identifiy any new vulnerabilities, and Cisco is also correct in saying that the vulnerability he used in his presentation to demonstrate his technique has been patched. However, the same technique will be useful on the next buffer overflow vulnerability to be discovered. -- Brett -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://fergdawg.blogspot.com/