On Thu, 24 Jul 2003 10:56:00 EDT, [EMAIL PROTECTED] said:
> prior to that in the same e-mail. I'm not a programmer by any stretch of
> the imagination but I found it curious that the C library had no kind of
> error checking for valid values in the protocol field.
1) The "C library" has no rea
- Original Message -
From: "Robert Wesley McGrew" <[EMAIL PROTECTED]>
To:
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, July 23, 2003 4:05 PM
Subject: Re: [Full-Disclosure] Cisco Bug 44020 - Final Thoughts
> I just don't see how this supports your conclusion
As far as your code is concerned any number that suits
(real_vuln_protocol)+256*n should crash the machine. However, this is
meaningless, since, as you say, the IP header's protocol field is only 8
bits, so you can generate larger numbers all day, but only your
least-significant 8 bits are being
I thought I'd share the final results of my testing of the recent Cisco
exploit with the list here. I had the concern that the new IOS versions
released by Cisco would be immune to the original exploit but may not cover
variants or other protocols that are susceptible. I recompiled the exploit
co
2003 5:30 PM
Subject: Re: FW: [Full-Disclosure] Cisco Bug 44020
> My apologies for posting my first e-mail to this group in HTML. Its not
> hard to tell who the newbies are... As it turns out we have a slight
issue
> here on outbound e-mail but I found a way to overcome temporarily.
>
My apologies for posting my first e-mail to this group in HTML. Its not
hard to tell who the newbies are... As it turns out we have a slight issue
here on outbound e-mail but I found a way to overcome temporarily.
As for the list, Steve, please give it a chance. I did the same as you. I
signed
Title: FW: [Full-Disclosure] Cisco Bug 44020
Hey folks,
It turns out that the tar file Shanphen mentions below is empty. I found it at: http://www.k-otik.com/exploits/07.21.cisco-bug-44020.c.php
with a link to working .gz as well. It looks like a cleanup of the original exploit but
Here is supposedly a working Cisco exploit:
http://www.elxsi.de/cisco-bug-44020.tar.gz
This is pasted from security focus:
http://www.securityfocus.com/archive/1/329765/2003-07-19/2003-07-25/0
To:
BugTraq
Subject:
Cisco IOS exploit (44020)
Date:
Jul 21 2003 4:01PM
Author:
Martin Kluge
Mess