Re: Mike Lynn released information about a hacking Cisco IOS

From: routerg (routerg_at_gmail.com)
Date: 08/05/05

  • Next message: Micheal Espinola Jr: "Re: Web mail intercepted! How?"
    Date: Fri, 5 Aug 2005 09:40:06 -0400
    To: "McKinley, Jackson" <Jackson.McKinley@team.telstra.com>
    
    

    Also expense. There are tones of 2500's running 10.* and 11.* that
    would require either upgrading memory and flash or even the whole
    platform. The mass amount of organizations not that concerned with
    network security probably don't want to spend the money to upgrade.

    But unfortunately yeah, upgrade for now.

    On 8/3/05, McKinley, Jackson <Jackson.McKinley@team.telstra.com> wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Other problem people face and im sure others do as well with patching
    > equipment is "Certs" some devices are cleared for work on set OS lvls.
    > For instance the new PIX OS code isnt EAL4 cert..
    >
    > So patching isnt always an option.
    >
    > Layered defence is the best option I say. That way one weakness can be
    > removed by a second system.
    >
    > - -----Original Message-----
    > From: Kelly Martin [mailto:kel@securityfocus.com]
    > Sent: Thursday, 4 August 2005 10:42 AM
    > To: ddjjembe 2
    > Cc: security-basics@securityfocus.com
    > Subject: Re: Mike Lynn released information about a hacking Cisco IOS
    >
    > ddjjembe 2 wrote:
    > > Last week Mike Lynn released information about a hacking Cisco IOS.
    > > Is there a patch to protect from this vulnerability?
    >
    > Just keep your routers patched and you'll be safe. He used a very new
    > technique with an old vulnerability that has already been patched. The
    > biggest issue is that people aren't used to patching their Cisco routers
    > because no one has even been able to prove that shellcode can run on IOS
    > before.
    >
    > Cheers,
    >
    > Kelly Martin
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.0.6 (MingW32)
    > Comment: For info see http://www.gnupg.org
    >
    > iEYEARECAAYFAkLxaQcACgkQ4Tg6VO8hWutUiwCgjIglhlKa7UvtiXPas8SF//PX
    > JvMAniMJySWoOevg/CXV3p6kkbr5iqEU
    > =lS/x
    > -----END PGP SIGNATURE-----
    >


  • Next message: Micheal Espinola Jr: "Re: Web mail intercepted! How?"

    Relevant Pages

    • Re: Does anyone know of a User Group for Sun Cluster?
      ... clustered things - we used the dual partition split (sometimes called ... upgraded (we upgraded the OS and the cluster SW versions) but we have ... used live upgrade for patching in the past. ...
      (comp.unix.solaris)
    • Re: new unpublished SSH exploit ?
      ... > Any suggestion for patching a RH 7.0? ... > Tried to build from source but failed to compile. ... > Is an upgrade to 9.0 the only solution ...
      (comp.os.linux.security)
    • Re: new unpublished SSH exploit ?
      ... > Any suggestion for patching a RH 7.0? ... > Tried to build from source but failed to compile. ... > Is an upgrade to 9.0 the only solution ...
      (comp.security.ssh)
    • Re: Can you patch xp home edition to XP pro?
      ... I was wondering if I could upgrade to XP ... Not by "patching" - but you can by WinXP Pro Upgrade and install it over the ... regular old XP Pro (no SP1 bundled) you'll need to reapply SP1. ...
      (microsoft.public.windowsxp.general)
    • Patch Solaris with cd and no network connection
      ... help about patching. ... I have a 8/07 installation cd but no network ... Is it possible to do a patch update (not an os upgrade) with cd? ...
      (comp.unix.solaris)