ISS vs. Cisco: Chapter 2

• Previous message: Jeff Peadro: "Privilege escalation in Nortel Contivity VPN Client V05_01.030"
• Next in thread: Florian Weimer: "Re: ISS vs. Cisco: Chapter 2"
• Reply: Florian Weimer: "Re: ISS vs. Cisco: Chapter 2"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 11 Aug 2005 12:21:30 +0200
To: full-disclosure@lists.grok.org.uk, news@securiteam.com, vuln@secunia.com, bugtraq@securityfocus.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear list reader,

this morning I found to my complete surprise the following email in my inbox,
which sheds some light from a different angle on the whole ISS and Cisco
story:

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FX,

I heard you have got shell code working against IOS. Can you share
any details, or provide the code?

Thanks,

Chris

- - --------------------------------------------------------------
Chris Rouland
CTO
Internet Security Systems, Inc.
http://xforce.iss.net
crouland@iss.net

- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBQvpqDd/TKefTUYbMEQJ2FACg6qOo57klGccK7GEu7KIB2t6ZXQMAoKv8
tYeVt00aKfZ6eLDGTEIcPhG4
=B6fL
- -----END PGP SIGNATURE-----

The inclined reader may verify Mr. Rouland's signature using his key:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD35186CC

I appreciate Mr. Rouland acknowledges the work Phenoelit has done
on Cisco IOS and actually realises that Michael Lynn build on this work
for his exploit, while the actual shellcode was entirely different from
codes we were using.

According to various sources, Michael Lynn was supposed to give copies
of his hard drive content to ISS and Cisco
(http://blogs.washingtonpost.com/securityfix/2005/07/ciscogate_updat.html),
which leaves the question why ISS needs our shellcodes.

Mr. Rouland, the information you are looking for is posted at
http://www.phenoelit.de/ultimaratio/index.html since 2002 and was
presented at the BlackHat USA Briefings in the same year:
http://www.blackhat.com/html/bh-usa-02/bh-usa-02-speakers.html#FX

Phenoelit continues to look for and find bugs in Cisco IOS. We will also
continue our excellent relationship to the people at PSIRT to help fixing
these vulnerabilities and may release advisories covering those when, and
only when the respective fixes are available, tested and released by Cisco.

I leave the ethical aspects of this request by ISS for the consideration
of the inclined reader.

cheers
FX

- --
         FX <fx@phenoelit.de>
      Phenoelit (http://www.phenoelit.de)
672D 64B2 DE42 FCF7 8A5E E43B C0C1 A242 6D63 B564
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC+yaqwMGiQm1jtWQRAsAYAKCKT3H7cBkGwkcL0qdUEr1LKLt+9wCgobou
eGVJIm5dz5Hb3jlHMxDun6Y=
=mgeG
-----END PGP SIGNATURE-----

• Previous message: Jeff Peadro: "Privilege escalation in Nortel Contivity VPN Client V05_01.030"
• Next in thread: Florian Weimer: "Re: ISS vs. Cisco: Chapter 2"
• Reply: Florian Weimer: "Re: ISS vs. Cisco: Chapter 2"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]