While this is clearly a bug, the example given does not show that it's
serious. The example (and the statement "...as long as they are followed
by a space and a ?") shows that you have gotten the syntax for the next
parameter of the command, not that you have executed it.
---
My mail server bit-buckets mail to this address which is not from securityfocus.com servers. To email me, send to
bob AT bob-n DOT com
On 3 Oct 2003, Chris Norton wrote:
>
>
> A vulnerability has been found on Cisco 6509 switches. The
> vulnerability was found to work on 2 different Cisco 6509 switches
> running CATOS 5.4(2) and 5.5(2). The vulnerability can lead to
> information and commands being exectued on the remote switch from the
> login prompt. Commands can be exectued at the Enter password: prompt
> as long as they are followed by a space and a ? Proof of concept
> below: Cisco Systems Console
>
> Enter password:
> <data_size> Size of the packet (0..1420)
> <cr>
> Enter password: traceroute 127.0.0.1
>
> This vulnerability has yet to be confirmed by Cisco but they have been alerted about it.
>
While this is clearly a bug, the example given does not show that it's
serious. The example (and the statement "...as long as they are followed
by a space and a ?") shows that you have gotten the syntax for the next
parameter of the command, not that you have executed it.
---
My mail server bit-buckets mail to this address which is not from securityfocus.com servers. To email me, send to
bob AT bob-n DOT com
On 3 Oct 2003, Chris Norton wrote:
>
>
> A vulnerability has been found on Cisco 6509 switches. The
> vulnerability was found to work on 2 different Cisco 6509 switches
> running CATOS 5.4(2) and 5.5(2). The vulnerability can lead to
> information and commands being exectued on the remote switch from the
> login prompt. Commands can be exectued at the Enter password: prompt
> as long as they are followed by a space and a ? Proof of concept
> below: Cisco Systems Console
>
> Enter password:
> <data_size> Size of the packet (0..1420)
> <cr>
> Enter password: traceroute 127.0.0.1
>
> This vulnerability has yet to be confirmed by Cisco but they have been alerted about it.
>
[ reply ]