11.x IOS source was floating around a few years ago. I wouldn't be surprised if more recent versions were being distributed within the underground community.
/m ----- Original Message ----- From: "Joe Abley" <[EMAIL PROTECTED]> To: "Andy Dills" <[EMAIL PROTECTED]> Cc: "Jack Bates" <[EMAIL PROTECTED]>; "Sean Donelan" <[EMAIL PROTECTED]>; "Mikael Abrahamsson" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, July 17, 2003 1:11 PM Subject: Re: Cisco IOS Vulnerability > > > On Thursday, Jul 17, 2003, at 15:59 Canada/Eastern, Andy Dills wrote: > > > On Thu, 17 Jul 2003, Jack Bates wrote: > > > >> Sendmail root exploit took less than 24 hours to craft. I suspect that > >> this exploit will be found within 48 hours. Enough information was > >> provided to quickly guess where the problem lies with IPv4 processing. > > > > Sendmail is open source, IOS is not. > > > > Knowing where the problem is and knowing how to exploit it are two > > entirely different situations. > > If any IOS source code has ever found its way out of cisco since IOS > 10.3 (and surely, that must have happened), then it seems reasonable to > assume that there are people in the world currently comparing the > advisory to the source. > > > Joe > >
