Cisco IOS Exploit Cover Up

If I were to venture a guess (and it would be just
that, a guess), I'd say that you're probably spot on.

I wonder who's having more fun this week? The folks
at Black Hat, or the folks in The Netherlands at the
"Politics of Psychedelic Research" or perhaps the
"Fun and Mayhem with RFID" sessions at "What the Hack"?


- ferg

Can you or someone else who was there or has some details describe
what the actual result is and what the fix was? Based on what I've
been reading, it sounds like Lynn's result was a method for exploiting
arbitrary new vulnerabilities. Are you saying that this method can't
be used in future IOS revs?

As nearly as I can tell from reports (I wasn't there), he (1) talked
about a general way to exploit a buffer overflow to cause arbitrary
code execution (this would apply to buffer overflows generally, but
would be completely useless if you didn't know of a buffer overflow to
exploit), and (2) demonstrated his technique using a previosuly known
buffer overflow vulnerability which Cisco has already patched.

So Cisco is correct in saying that he didn't identifiy any new
vulnerabilities, and Cisco is also correct in saying that the
vulnerability he used in his presentation to demonstrate his technique
has been patched. However, the same technique will be useful on the
next buffer overflow vulnerability to be discovered.

     -- Brett