funsec mailing list archives
Researchers Warn of New Attack Methods Against Cisco IOS
From: "Paul Ferguson" <fergdawg () netzero net>
Date: Thu, 11 Oct 2007 03:21:14 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Via SearchSecurity.com. [snip] Cisco Systems' Internetwork Operating System (IOS) is susceptible to attacks in which hackers could cause a denial of service or launch malicious code, according to an analysis conducted by researchers at London-based Information Risk Management (IRM). IRM Chief Research Officer Andy Davis conducted the Cisco IOS security analysis over a two-month period along with senior consultants Gyan Chawdhary and Varun Uppal. The analysis includes videos demonstrating three different shellcode techniques the researchers used to gain remote level 15 (root) exec VTY (shell) access to IOS. Each piece of shellcode was written in PowerPC assembly language and launched from within a development environment rather than the payload to an exploit, the researchers noted, adding that the development server is connected to the Cisco router 2600 Series via a serial cable and Ethernet for TCP/IP communications. "It takes a short while for the shellcode to start functioning as it has been hooked into the IOS image checksumming routine that runs every 30-60 seconds," the researchers said. "When each starts running, the arbitrary text '' is displayed on the console to indicate successful execution of the shellcode." [snip] More: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1276 182,00.html - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHDZamq1pz9mNUZTMRAh15AKCn1SDmWjK1fWblqMYqXAEU43S7NgCgxtef VENZ98H3lx2mZwzOb8umdtE= =WShb -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Researchers Warn of New Attack Methods Against Cisco IOS Paul Ferguson (Oct 10)
- Re: Researchers Warn of New Attack Methods Against Cisco IOS Gadi Evron (Oct 10)
- Punishment given to Ohio Government official for lost tape... Young, Keith (Oct 11)
- Re: Researchers Warn of New Attack Methods Against Cisco IOS Gadi Evron (Oct 10)