[VIM] Remote Cisco IOS FTP exploit (fwd)

security curmudgeon jericho at attrition.org
Tue Jan 20 10:34:12 UTC 2009

---------- Forwarded message ----------
From: security curmudgeon <jericho at attrition.org>
To: Andy Davis <iosftpexploit at googlemail.com>
Cc: bugtraq at securityfocus.com, psirt at cisco.com
Date: Tue, 20 Jan 2009 10:33:26 +0000 (UTC)
Subject: Re: Remote Cisco IOS FTP exploit

(Note the date, late reply I know..)

On Tue, 29 Jul 2008, Andy Davis wrote:

: The IOS FTP server vulnerabilities were published in an advisory by
: Cisco in May 2007. The FTP server does not run by default, it is not
: widely used and has since been removed from new versions of IOS.
: Therefore, I took the decision to release this exploit code in order to
: show that IOS can be reliably exploited to provide remote level 15 exec
: shell access. This clearly demonstrates that patching your router is
: just as important as patching your servers.

:  Cisco IOS FTP server remote exploit by Andy Davis 2008
:  Cisco Advisory ID: cisco-sa-20070509-iosftp - May 2007

>From the Cisco advisory:

   The Cisco IOS FTP Server feature contains multiple vulnerabilities that
   can result in a denial of service (DoS) condition, improper verification
   of user credentials, and the ability to retrieve or write any file from
   the device filesystem, including the device's saved configuration. This
   configuration file may include passwords or other sensitive information.

None of those sound like "remote overflow" to me. If this exploit code
included in this mail is accurate, that means the Cisco advisory used
crafty wording to hide the nate of the bug. Given they scored CSCek55259 /
CVE-2007-2586 as 10.0 (and the other issue 2.0), that means that "improper
verification of user credentials" and "Improper authorization checking in
IOS FTP server" is really "remote overflow that allows unauthenticated
code execution".

Andy or Cisco, could you confirm?

More information about the VIM mailing list