While this is clearly a bug, the example given does not show that it's serious. The example (and the statement "...as long as they are followed by a space and a ?") shows that you have gotten the syntax for the next parameter of the command, not that you have executed it. --- My mail server bit-buckets mail to this address which is not from securityfocus.com servers. To email me, send to bob AT bob-n DOT com On 3 Oct 2003, Chris Norton wrote: > > > A vulnerability has been found on Cisco 6509 switches. The > vulnerability was found to work on 2 different Cisco 6509 switches > running CATOS 5.4(2) and 5.5(2). The vulnerability can lead to > information and commands being exectued on the remote switch from the > login prompt. Commands can be exectued at the Enter password: prompt > as long as they are followed by a space and a ? Proof of concept > below: Cisco Systems Console > > Enter password: > <data_size> Size of the packet (0..1420) > <cr> > Enter password: traceroute 127.0.0.1 > > This vulnerability has yet to be confirmed by Cisco but they have been alerted about it. >
