|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Advisory def-2000-02: Cisco Catalyst remote command execution
From: Andrew Frith (AndrewF
GATEWAY.BM)Date: Thu Oct 26 2000 - 15:35:10 CDT
- Next message: Bill Sommerfeld: "Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability"
- Previous message: C Matthew Curtin: "Some points of detail on Bank One Online cookies"
- Maybe in reply to: Olle Segerdahl: "Advisory def-2000-02: Cisco Catalyst remote command execution"
- Maybe reply: Andrew Frith: "Re: Advisory def-2000-02: Cisco Catalyst remote command execution"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I was unable to reproduce this on a 2924-XL running version 11.2(8.2)SA6. Entering that URL in a web browser prompts for a password. It will only execute once the enable password has been entered.
>>> Olle Segerdahl <Olle.SegerdahlDEFCOM-SEC.COM> 10/26/00 05:51AM >>>
----------------------=[Detailed Description]=------------------------
Cisco Catalyst 3500 XL series switches have a webserver configuration
interface. This interface lets any anonymous web user execute any
command without supplying any authentication credentials by simply
requesting the /exec location from the webserver. An example follows:
http://catalyst/exec/show/config/cr
This URL will show the configuration file, with all user passwords.
- Next message: Bill Sommerfeld: "Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability"
- Previous message: C Matthew Curtin: "Some points of detail on Bank One Online cookies"
- Maybe in reply to: Olle Segerdahl: "Advisory def-2000-02: Cisco Catalyst remote command execution"
- Maybe reply: Andrew Frith: "Re: Advisory def-2000-02: Cisco Catalyst remote command execution"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]