'[Full-disclosure] Cisco Router IOS History Bug'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] Cisco Router IOS History Bug
From:       "Oliver Pinson-Roxburgh" <OPinson-Roxburgh () getech ! co ! uk>
Date:       2005-06-30 16:33:55
Message-ID: DC993A8693DDBF4EBA32107FFE2E7AE5E378 () mercury ! getech ! co ! uk
[Download RAW message or body]

--===============0970204107==
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C57D91.822514A1"

This is a multi-part message in MIME format.


I have been running some scans on some of our Cisco kit and one of our
scanners came up with the following vulnerability :

Cisco Router IOS History Bug 
CVE ID:CVE-2000-0368 
Vendor Reference:CSCdk43920 

I would like to clarify this vulnerability by hand if possible. Does any
one have any way of hand craft testing this vulnerability? A POC or any
other information on this? 
 
 

--------------------------------------------------------------------------------
This electronic message contains information from Getech Limited, 
which may be privileged and confidential. The information is intended 
to be for the use of the individual(s) or entity named above. If you 
are not the intended recipient, be aware that any disclosure, copying, 
distribution or use of the contents of this information is prohibited. 
If you have received this electronic message in error, please notify 
me immediately. Opinions, conclusions and other information in this 
message that do not relate to the official business of Getech Limited 
shall be understood as neither given nor endorsed by Getech Limited.

Getech filters & monitors all Internet communications. 
--------------------------------------------------------------------------------

[Attachment #3 (text/html)]

<html xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=ProgId content=Word.Document>
<meta name=Generator content="Microsoft Word 10">
<meta name=Originator content="Microsoft Word 10">
<link rel=File-List href="cid:filelist.xml@01C57D99.E4249C40">
<!--[if gte mso 9]><xml>
 <o:OfficeDocumentSettings>
  <o:DoNotRelyOnCSS/>
 </o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
 <w:WordDocument>
  <w:SpellingState>Clean</w:SpellingState>
  <w:GrammarState>Clean</w:GrammarState>
  <w:DocumentKind>DocumentEmail</w:DocumentKind>
  <w:EnvelopeVis/>
  <w:Compatibility>
   <w:BreakWrappedTables/>
   <w:SnapToGridInCell/>
   <w:WrapTextWithPunct/>
   <w:UseAsianBreakRules/>
  </w:Compatibility>
  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
 </w:WordDocument>
</xml><![endif]-->
<style>
<!--
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{mso-style-parent:"";
	margin:0cm;
	margin-bottom:.0001pt;
	mso-pagination:widow-orphan;
	font-size:12.0pt;
	font-family:"Times New Roman";
	mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
	{color:blue;
	text-decoration:underline;
	text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
	{color:purple;
	text-decoration:underline;
	text-underline:single;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	mso-style-noshow:yes;
	mso-ansi-font-size:10.0pt;
	mso-bidi-font-size:10.0pt;
	font-family:Arial;
	mso-ascii-font-family:Arial;
	mso-hansi-font-family:Arial;
	mso-bidi-font-family:Arial;
	color:windowtext;}
span.SpellE
	{mso-style-name:"";
	mso-spl-e:yes;}
span.GramE
	{mso-style-name:"";
	mso-gram-e:yes;}
@page Section1
	{size:595.3pt 841.9pt;
	margin:72.0pt 90.0pt 72.0pt 90.0pt;
	mso-header-margin:35.4pt;
	mso-footer-margin:35.4pt;
	mso-paper-source:0;}
div.Section1
	{page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
 /* Style Definitions */ 
 table.MsoNormalTable
	{mso-style-name:"Table Normal";
	mso-tstyle-rowband-size:0;
	mso-tstyle-colband-size:0;
	mso-style-noshow:yes;
	mso-style-parent:"";
	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
	mso-para-margin:0cm;
	mso-para-margin-bottom:.0001pt;
	mso-pagination:widow-orphan;
	font-size:10.0pt;
	font-family:"Times New Roman";}
</style>
<![endif]-->
</head>

<body lang=EN-GB link=blue vlink=purple style='tab-interval:36.0pt'>

<div class=Section1>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>I have been running some scans on some of our Cisco kit and one of our
scanners came up with the following <span class=GramE>vulnerability \
:</span><o:p></o:p></span></font></p>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><br>
Cisco Router IOS History <span class=GramE>Bug <br>
CVE</span> ID:CVE-2000-0368 <br>
Vendor Reference:CSCdk43920 <br>
<br>
I would like to clarify this vulnerability by hand if possible. Does any one have
any way of hand craft testing this vulnerability? <span class=GramE>A POC or
any other information on this?</span> </span></font><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p>&nbsp;</o:p></span></font></p>

</div>


<FONT face=Verdana size=1>
<P>
<P>&nbsp;</P>
<P>
<HR>
</FONT><FONT face=Verdana size=1>This electronic message contains information 
from Getech Limited, which may be privileged and confidential. The information 
is intended to be for the use of the individual(s) or entity named above. If you 
are not the intended recipient, be aware that any disclosure, copying, 
distribution or use of the contents of this information is prohibited. If you 
have received this electronic message in error, please notify 
me&nbsp;immediately.&nbsp;Opinions, conclusions and other information in this 
message that do not relate to the official business of Getech Limited shall be 
understood as neither given nor endorsed by Getech Limited.</FONT>
<P></P>
<P></P>
<P><FONT size=1><FONT face=Verdana>Getech filters &amp; monitors all Internet 
communications</FONT><FONT face=Verdana>. 
<HR>
</FONT>
<P></P>
<P></P></FONT>
</body>

</html>



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--===============0970204107==--

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic