Cisco 6509 switch telnet vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Cisco 6509 switch telnet vulnerability
From: Chris Norton <kicktd@xxxxxxxxxxx>
Date: 3 Oct 2003 00:03:26 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


A vulnerability has been found on Cisco 6509 switches. The vulnerability was 
found to work on 2 different Cisco 6509 switches running CATOS 5.4(2) and 
5.5(2). The vulnerability can lead to information and commands being exectued 
on the remote switch from the login prompt. Commands can be exectued at the 
Enter password: prompt as long as they are followed by a space and a ?
Proof of concept below:
Cisco Systems Console

Enter password:
<data_size>                Size of the packet (0..1420)
<cr>                       
Enter password: traceroute 127.0.0.1

This vulnerability has yet to be confirmed by Cisco but they have been alerted 
about it.

Follow-Ups:
- Re: Cisco 6509 switch telnet vulnerability
  - From: Bob Niederman
- Re: Cisco 6509 switch telnet vulnerability
  - From: Wendy Garvin

Prev by Date: Re: Half-Life 2 source code stolen through IE exploit
Next by Date: Divine OpenMarket Content Server XSS
Previous by thread: [CLA-2003:758] Conectiva Security Announcement - vixie-cron
Next by thread: Re: Cisco 6509 switch telnet vulnerability
Index(es):
- Date
- Thread