(Note the date, late reply I know..) On Tue, 29 Jul 2008, Andy Davis wrote: : The IOS FTP server vulnerabilities were published in an advisory by : Cisco in May 2007. The FTP server does not run by default, it is not : widely used and has since been removed from new versions of IOS. : Therefore, I took the decision to release this exploit code in order to : show that IOS can be reliably exploited to provide remote level 15 exec : shell access. This clearly demonstrates that patching your router is : just as important as patching your servers. : Cisco IOS FTP server remote exploit by Andy Davis 2008 : : Cisco Advisory ID: cisco-sa-20070509-iosftp - May 2007 >From the Cisco advisory: The Cisco IOS FTP Server feature contains multiple vulnerabilities that can result in a denial of service (DoS) condition, improper verification of user credentials, and the ability to retrieve or write any file from the device filesystem, including the device's saved configuration. This configuration file may include passwords or other sensitive information. None of those sound like "remote overflow" to me. If this exploit code included in this mail is accurate, that means the Cisco advisory used crafty wording to hide the nate of the bug. Given they scored CSCek55259 / CVE-2007-2586 as 10.0 (and the other issue 2.0), that means that "improper verification of user credentials" and "Improper authorization checking in IOS FTP server" is really "remote overflow that allows unauthenticated code execution". Andy or Cisco, could you confirm?
