Date: Wed, 10 Oct 2007 12:05:23 +0100
From: Damir Rajnovic <gaus@cisco.com.>
To: [email protected]
Subject: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques
Message-ID: <20071010110523.GP6779@gaus-computer.local.>
Reply-To: Gaus <gaus@cisco.com.>
Mail-Followup-To: [email protected], [email protected]
Hello,

Cisco PSIRT is aware of the three videos IRM Plc. published on their
web site at <http://www.irmplc.com/index.php/153-Embedded-Systems-Security>.

Cisco and IRM agree that the videos do not demonstrate or represent a
vulnerability in Cisco IOS. Specifically, the code to manipulate
Cisco IOS could be inserted only under the following conditions:

- Usage of the debugger functionality present in IOS

- Having physical access to the device

- Already logged in at the highest privilege level on the device.

IRM approached Cisco PSIRT with this information prior to its public
release and Cisco has confirmed the information provided is a
proof-of-concept that third party code could be inserted under these
specific conditions.

Regards,

Gaus

==============
Damir Rajnovic <psirt@cisco.com.>, PSIRT Incident Manager, Cisco Systems
<http://www.cisco.com/go/psirt> Telephone: +44 7715 546 033
200 Longwater Avenue, Green Park, Reading, Berkshire RG2 6GB, GB
==============
There are no insolvable problems.
The question is can you accept the solution?