Re: Cisco 6509 switch telnet vulnerability
From: Bob Niederman (btrq_at_bob-n.com)
Date: 10/04/03
- Previous message: Sherlock: "Re: New IE crash: CSS + HTML"
- In reply to: Chris Norton: "Cisco 6509 switch telnet vulnerability"
- Next in thread: twig les: "Re: Cisco 6509 switch telnet vulnerability"
- Reply: twig les: "Re: Cisco 6509 switch telnet vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 4 Oct 2003 00:55:11 -0500 (CDT) To: bugtraq@securityfocus.com
While this is clearly a bug, the example given does not show that it's
serious. The example (and the statement "...as long as they are followed
by a space and a ?") shows that you have gotten the syntax for the next
parameter of the command, not that you have executed it.
--- My mail server bit-buckets mail to this address which is not from securityfocus.com servers. To email me, send to bob AT bob-n DOT com On 3 Oct 2003, Chris Norton wrote: > > > A vulnerability has been found on Cisco 6509 switches. The > vulnerability was found to work on 2 different Cisco 6509 switches > running CATOS 5.4(2) and 5.5(2). The vulnerability can lead to > information and commands being exectued on the remote switch from the > login prompt. Commands can be exectued at the Enter password: prompt > as long as they are followed by a space and a ? Proof of concept > below: Cisco Systems Console > > Enter password: > <data_size> Size of the packet (0..1420) > <cr> > Enter password: traceroute 127.0.0.1 > > This vulnerability has yet to be confirmed by Cisco but they have been alerted about it. >
- Previous message: Sherlock: "Re: New IE crash: CSS + HTML"
- In reply to: Chris Norton: "Cisco 6509 switch telnet vulnerability"
- Next in thread: twig les: "Re: Cisco 6509 switch telnet vulnerability"
- Reply: twig les: "Re: Cisco 6509 switch telnet vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
