On Thu, 12 Jan 2006, Gadi Evron wrote: > In this > (http://blogs.securiteam.com/wp-admin/post.php?action=edit&post=207) recent > Cisco advisory, the company alerts us to a security problem > with Cisco MARS (Cisco Security Monitoring Analysis and Response System). > > The security issue is basically a user account on the system that will > give you root when accessed. ... > Now? if Cisco knowingly put it there, shame on them. If somebody put it > there without their knowledge? well, shame on them.
Cisco acquired Protego in Dec 2004 and thereby acquired MARS: http://www.infoworld.com/article/04/12/20/HNciscoprotego_1.html Cisco didn't put it in there - they bought the bug for $65M. :-) > > Okay, but how about other vulnerabilities of this type? Are there any more > backdoors to other Cisco products? > If not, why wouldn?t they just come out and say that? > ?There are NO other such backdoors in our products?. I am sure there are more. The previous one I remember was with their Riverhead purchase: http://www.cisco.com/en/US/products/products_security_advisory09186a008037d0c5.shtml and before that was: http://www.cisco.com/en/US/products/products_security_advisory09186a00802119c8.shtml but I don't know which company was purchased to introduce that one. I think Cisco just doesn't check the product closely enough and trusts the R&D coders and doesn't introduce an external security QA to the product being purchased. -Hank