Vulnerability Development mailing list archives
IRM Demonstrates Multiple Cisco IOS Exploitation Techniques
From: "Andy Davis" <andy.davis () irmplc com>
Date: Wed, 10 Oct 2007 11:27:20 +0100
In August 2005 at Black Hat Las Vegas, Michael Lynn delivered his infamous presentation entitled "Cisco IOS Shellcode and Exploitation Techniques". For the first time ever, remote exploitation of Cisco IOS was publicly demonstrated using shellcode that spawned a connect-back or "reverse" shell. His shellcode was never released outside Cisco.

Over the last few months IRM have been researching the security of Cisco IOS which has resulted in the discovery of a series of serious security vulnerabilities (including three new stack overflows). Advisories and associated IOS patches will be released over the coming months, starting with the first - a co-ordinated release between IRM and Cisco at 12:00 EST today (http://www.irmplc.com/index.php/107-Advisories).

During the research, three shellcode payloads for IOS exploits were developed - a "reverse" shell, a password-protected "bind" shell and another "bind" shell that is achieved using only two 1-byte memory overwrites.

IRM have produced videos demonstrating each of these payloads in action within a development environment. They can be viewed here: http://www.irmplc.com/index.php/153-Embedded-Systems-Security