Exploit Available for Cisco IOS Vulnerability
GNUman writes "Cisco's IOS vulnerability, posted by Slashdot and CERT, now has a published exploit available, as reported recently by CERT. While there are some articles claiming that the Internet survived a major flaw, maybe with a publicly available exploit could script kiddies start creating havoc? jerw134 wanted to start a pool to find out when the exploit would be publicly available; here's the answer."
...the 'sploit is more easily available than the fix!
Anyone else gone through hell today trying to get the patch from Cisco?
Grrr... >-/
You're right on the money with the "maturity" comments, Jack. The way technology has been running, we have been in a constant state of trying to learn something new. We've never really had a chance to get "really good" at some of our technologies, before the next version or replacement technology arrived.
The Cisco situation is not due to bleeding edge issues though. They should have found this problem sooner.
It's also a shame we have to pat ourselves on the back a lot on slashdot. And as long as you're not bragging about $10k bonuses, make sure to not tell us how you didn't spend it on the EFF and FSF. ;-)
Beware he who would deny you access to information,
for in his heart he dreams himself your master.
What kind of graphics were these? They should have been already optimized to allow for quick loading.
Unless you're talking about high-quality TIFs, B&W vs. color should not be making a difference in your load times.
-- taking over the world, we are.
I've already compiled this and tested against an internal router, fills up the input queue quite nicely. Requires libnet.h
-orbit0r
I had the impression that routing was a fairly straight-forward task and that 100% reliable software should be available for the routers. Has Cisco added frills to such an extent that the basic routing is compromised? Is this current problem associated with unnecessary features?
Here the exploit: http://www.securitylab.ru/_tools/shadowchode.tar.t ar .tar.gz file, incorrectly named.
It's
:wq
If you look at the release dates of some of the code that is not vulnerable to this attack, it goes back to early June. To me, it looks like this was identified almost two months ago. The question then is: Was this suddenly announced once a planned mile-marker in IOS revisions had been met....or once they suspected the exploit was in the wild?
Why does the author put "(void)" before every fprintf()? Can it be some kind of hidden signature?
They may use Juniper routers, but if your contract with them includes their maintenance of CPE they provided for you, and the CPE is Cisco, you're still screwed, aren't you?
Get off my launchpad!