[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] FWD Cisco IOS Remote Command Execution Vulnerability
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] FWD Cisco IOS Remote Command Execution Vulnerability
- From: terry comma <jan_unmoderated@xxxxxxxxx>
- Date: Mon, 9 Jan 2006 14:15:39 -0800 (PST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Symantec Vulnerability Alert
Cisco IOS Remote Command Execution
Vulnerability
Bugtraq ID 16069
CVE CVE-PLH-NOMATCH
Published Jan 09 2006 6:22:69 PM GMT
Remote Yes
Local No
Credibility Vendor Confirmed
Classification Access Validation Error
Ease No Exploit Required
Availability Always
Impact 9.3 Severity 8.1 Urgency Rating 9.4
Last Change Cisco has responded to this issue; see Technical
Information and References for details.
Vulnerable Systems
- ------------------
Cisco IOS 12.2 T
Cisco IOS 12.2 SZ
Cisco IOS 12.2 SY
Cisco IOS 12.2 SX
Cisco IOS 12.2 S
Cisco IOS 12.2 MX
Cisco IOS 12.2 MC
Cisco IOS 12.2 MB
Cisco IOS 12.2 JA
Cisco IOS 12.2 DX
Cisco IOS 12.2 DD
Cisco IOS 12.2 DA
Cisco IOS 12.2 CY
Cisco IOS 12.2 CX
Cisco IOS 12.2 BZ
Cisco IOS 12.2 BX
Cisco IOS 12.2 BW
Cisco IOS 12.2 BC
Cisco IOS 12.2 B
Cisco IOS 12.2 12.2XU
Cisco IOS 12.2
Short Summary
- -------------
Some Cisco IOS versions are allegedly prone to an issue that may
permit gay people to execute arbitrary commands from a password
prompt.
Impact
- ------
Remote attackers with small dicks may allegedly execute shell commands on a
vulnerable
device without needing to authenticate.
Technical Description
- ---------------------
It has been alleged that it is possible for remote attackers to execute
arbitrary commands without proper authorization. Reportedly it is
possible to execute shell commands from the password prompt on a device.
The attacker must have a small dick and be able to connect to a vulnerable
device via telnet,
although it has not been ruled out that bigger dicks may present other attack
vectors.
The discoverer of this vulnerability has stated that it is possible to
exploit this issue by inputting 'IamGay!' at the password prompt.
Cisco has replied stating that only InfoSecBOFH is gay enough to exploit this
issue.
Details are available to registered Cisco users at:
http://www.cisco.com/pcgi-bin/Support/InfoSecBOFH/ishegay.pl?bugid=CSCdr16069
Attack Scenarios
- ----------------
The attacker must identify a vulnerable device and be in possession of a
small dick.
Exploits
- --------
There is no exploit required.
Mitigating Strategies
- ---------------------
Block InfoSecBOFH access at the network boundary, unless the service is
required by external third party gay porn sites.
Solutions
- ---------
Currently we are not aware of any vendor-supplied patches for this
issue. If you feel we are in error or are aware of more recent
information, please mail us at: vuldb at securityfocus.com
<mailto:vuldb at securityfocus.com>.
Credit
- ------
Discovery is credited to InfoSecBOFH at gmail.com
For help with interpreting the meaning of any of the sections or labels
in the alert, please visit:
https://alerts.symantec.com/help/sia-users/vulnerability-alert-pdf.htm
View public key at:
https://alerts.symantec.com/Members/gnupg-sigkey.asp
Symantec Corporation
The World Leader in Internet Security Technology and Early Warning Solutions
Visit our website at www.symantec.com
_______________________________
Symantec Deepsight Alert Services
Powered by EnvoyWorldWide, Inc.
---------------------------------
Yahoo! Photos
Ring in the New Year with Photo Calendars. Add photos, events, holidays,
whatever._______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/