> I suspect there was something slightly more than just giving information
> about the vulnerabilities.. the inference is that they demonstrated
> executing arbitrary code from buffer overflows.. perhaps for example they
> developed ways of opening up privilege vty which I dont think has been
> sh
On Thu, 2005-07-28 at 12:58, Robert Crowe wrote:
> This has nothing to do with the recent events.
>
>
> - RC
> james edwards wrote:
>
> I am not sure if this is the correct doc, but it is recent (April/May 05)
> and does indicate what IOS versions are being dropped and what IOS one
> should
On Thu, Jul 28, 2005 at 01:34:15PM -0500, Scott Altman wrote:
>
> On Thu, 28 Jul 2005, Mark Owen wrote:
> > Cisco had the exploit fixed in April and no longer offers the exploitable
> > OS for download on their site.
>
> To summarize a couple points:
> 1. Cisco fixes exploit in April
> 2. IOS S
Thus spake "Mikael Abrahamsson" <[EMAIL PROTECTED]>
On Thu, 28 Jul 2005, Mark Owen wrote:
Cisco had the exploit fixed in April and no longer offers the exploitable
OS for download on their site.
And the list of vulnerable IOS versions is where?
I don't care exactly what the exploit is b
This has nothing to do with the recent events.
- RC
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
james edwards
Sent: Thursday, July 28, 2005 2:26 PM
To: Mikael Abrahamsson; [EMAIL PROTECTED]
Subject: Re: Cisco cover up
>
> And the l
On Thu, 28 Jul 2005, Mark Owen wrote:
> Cisco had the exploit fixed in April and no longer offers the exploitable OS
> for download on their site.
To summarize a couple points:
1. Cisco fixes exploit in April
2. IOS Simplification occurs in April, effectively removing all old
versions of code fr
>
> And the list of vulnerable IOS versions is where?
I am not sure if this is the correct doc, but it is recent (April/May 05)
and does indicate
what IOS versions are being dropped and what IOS one should migrate to.
http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps5187/prod_bulle
* James Baldwin:
> On Jul 28, 2005, at 1:50 PM, Joseph S D Yao wrote:
>
>> Given that it was clear that Lynn had NDA access to the Cisco
>> source code already, it seems pretty clear that the original poster
>> wasn't even speculating that he had stolen it, but to potential
>> exploiters' having
On Thu, Jul 28, 2005 at 02:04:28PM -0400, James Baldwin wrote:
> On Jul 28, 2005, at 1:50 PM, Joseph S D Yao wrote:
>
> >Given that it was clear that Lynn had NDA access to the Cisco source
> >code already, it seems pretty clear that the original poster wasn't
> >even
> >speculating that he had
Once upon a time, Mark Owen <[EMAIL PROTECTED]> said:
> Cisco had the exploit fixed in April and no longer offers the
> exploitable OS for download on their site.
But which versions are vulnerable? I don't just go upgrade my IOS at
random, hoping to fix unknown bugs (while introducing additional
On Jul 28, 2005, at 1:50 PM, Joseph S D Yao wrote:
Given that it was clear that Lynn had NDA access to the Cisco source
code already, it seems pretty clear that the original poster wasn't
even
speculating that he had stolen it, but to potential exploiters' having
done so. Eh?
Lynn did not
On Wed, Jul 27, 2005 at 04:14:30PM -0500, Olsen, Jason wrote:
> From: James Baldwin
> > This had _nothing_ to do with the source code that was
> > stolen. I have dealt with Lynn professionally on many
> > occasions and he has shown himself to have more than a fair
> > share of integrity. It is
On Thu, 28 Jul 2005, Mark Owen wrote:
Cisco had the exploit fixed in April and no longer offers the
exploitable OS for download on their site.
And the list of vulnerable IOS versions is where?
I don't care exactly what the exploit is but I want to know the risks
involved and what versio
On 7/27/05, J. Oquendo <[EMAIL PROTECTED]> wrote:
> Complete PR disaster? Maybe they're still working on the fix and didn't
> want those on the blackhat scene to have a glimpse of how they intended on
> fixing things. I wonder if this has exploit_foo_bar has anything to do
> with their code being
On Wed, 27 Jul 2005, James Baldwin wrote:
> Cisco had initially approved this talk. My understanding is that this has been
> fixed and no current IOS images were vulnerable to the techniques he was
> describing. ISS, Lynn, and Cisco had been working together for months on this
> issue before the
From: James Baldwin
> This had _nothing_ to do with the source code that was
> stolen. I have dealt with Lynn professionally on many
> occasions and he has shown himself to have more than a fair
> share of integrity. It is uncalled for to take to disparate
> events and place them together in
On Jul 27, 2005, at 4:48 PM, J. Oquendo wrote:
On Wed, 27 Jul 2005, Dan Hollis wrote:
This is looking like a complete PR disaster for cisco. They would
have
been better off allowing the talk to take place, and actually
fixing the
holes rather than wasting money on a small army of razorblad
On Wed, 27 Jul 2005, Dan Hollis wrote:
>
> This is looking like a complete PR disaster for cisco. They would have
> been better off allowing the talk to take place, and actually fixing the
> holes rather than wasting money on a small army of razorblade-equipped
> censors.
>
> -Dan
Complete PR d
18 matches
Mail list logo