Re: Remote Cisco IOS FTP exploit



(Note the date, late reply I know..)

On Tue, 29 Jul 2008, Andy Davis wrote:

: The IOS FTP server vulnerabilities were published in an advisory by 
: Cisco in May 2007. The FTP server does not run by default, it is not 
: widely used and has since been removed from new versions of IOS. 
: Therefore, I took the decision to release this exploit code in order to 
: show that IOS can be reliably exploited to provide remote level 15 exec 
: shell access. This clearly demonstrates that patching your router is 
: just as important as patching your servers.

:  Cisco IOS FTP server remote exploit by Andy Davis 2008
: 
:  Cisco Advisory ID: cisco-sa-20070509-iosftp - May 2007

From the Cisco advisory:

  The Cisco IOS FTP Server feature contains multiple vulnerabilities that 
  can result in a denial of service (DoS) condition, improper verification 
  of user credentials, and the ability to retrieve or write any file from 
  the device filesystem, including the device's saved configuration. This 
  configuration file may include passwords or other sensitive information.

None of those sound like "remote overflow" to me. If this exploit code 
included in this mail is accurate, that means the Cisco advisory used 
crafty wording to hide the nature of the bug. Given they scored CSCek55259 / 
CVE-2007-2586 as 10.0 (and the other issue 2.0), that means that "improper 
verification of user credentials" and "Improper authorization checking in 
IOS FTP server" is really "remote overflow that allows unauthenticated 
code execution".

Andy or Cisco, could you confirm?