[nsp] Cisco Security Advisory: Data Leak with CEF

• Next message: Gert Doering: "Re: [nsp] 12.2T and 4500/4700?"
• Previous message: KF: "RE: [nsp] 12.2T and 4500/4700?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

Cisco Security Advisory: Data Leak with Cisco Express Forwarding Enabled
Public Release 2002 February 27 08:00 (UTC -0800)
http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml

****************************************************************************
***********************************************
Impact
By sending malformed packets, and capturing them after they have been
processed by CEF, an attacker may find a remnants of a previous packets in
them. The remnant data may contain whatever the previous packet has carried.
That may be parts of a document, mail or any other content.

Note that in an interactive session such as typing a password, characters
are sent one by one in separate packets. That drastically lowers the
probability that all packets will be captured. In addition, it is almost
certain that typed characters will be overwritten by the contents of the
attacking packets.
****************************************************************************
***********************************************

based on this I think the probability would be one in 1 in a billion,

Comments???

SH

• Next message: Gert Doering: "Re: [nsp] 12.2T and 4500/4700?"
• Previous message: KF: "RE: [nsp] 12.2T and 4500/4700?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:34 EDT