ISS vs. Cisco: Chapter 2
From: FX (fx_at_phenoelit.de)
Date: Thu, 11 Aug 2005 12:21:30 +0200 To: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com
-----BEGIN PGP SIGNED MESSAGE-----
Dear list reader,
this morning I found to my complete surprise the following email in my inbox,
which sheds some light from a different angle on the whole ISS and Cisco
- -----BEGIN PGP SIGNED MESSAGE-----
I heard you have got shell code working against IOS. Can you share
any details, or provide the code?
- - --------------------------------------------------------------
Internet Security Systems, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
- -----END PGP SIGNATURE-----
The inclined reader may verify Mr. Rouland's signature using his key:
I appreciate Mr. Rouland acknowledges the work Phenoelit has done
on Cisco IOS and actually realises that Michael Lynn build on this work
for his exploit, while the actual shellcode was entirely different from
codes we were using.
According to various sources, Michael Lynn was supposed to give copies
of his hard drive content to ISS and Cisco
which leaves the question why ISS needs our shellcodes.
Mr. Rouland, the information you are looking for is posted at
http://www.phenoelit.de/ultimaratio/index.html since 2002 and was
presented at the BlackHat USA Briefings in the same year:
Phenoelit continues to look for and find bugs in Cisco IOS. We will also
continue our excellent relationship to the people at PSIRT to help fixing
these vulnerabilities and may release advisories covering those when, and
only when the respective fixes are available, tested and released by Cisco.
I leave the ethical aspects of this request by ISS for the consideration
of the inclined reader.
672D 64B2 DE42 FCF7 8A5E E43B C0C1 A242 6D63 B564
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
-----END PGP SIGNATURE-----