I could not replicate this on a 6509 using remote authentication and secureID, and those are the only ones we have around. Has anyone been able to replicate this? --- Bob Niederman <btrq@bob-n.com> wrote: > > > > While this is clearly a bug, the example given does not show > that it's > serious. The example (and the statement "...as long as they > are followed > by a space and a ?") shows that you have gotten the syntax for > the next > parameter of the command, not that you have executed it. > > > --- > My mail server bit-buckets mail to this address which is not > from securityfocus.com servers. To email me, send to > bob AT bob-n DOT com > > On 3 Oct 2003, Chris Norton wrote: > > > > > > > A vulnerability has been found on Cisco 6509 switches. The > > vulnerability was found to work on 2 different Cisco 6509 > switches > > running CATOS 5.4(2) and 5.5(2). The vulnerability can lead > to > > information and commands being exectued on the remote switch > from the > > login prompt. Commands can be exectued at the Enter > password: prompt > > as long as they are followed by a space and a ? Proof of > concept > > below: Cisco Systems Console > > > > Enter password: > > <data_size> Size of the packet (0..1420) > > <cr> > > Enter password: traceroute 127.0.0.1 > > > > This vulnerability has yet to be confirmed by Cisco but they > have been alerted about it. > > > __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com
