Dailydave mailing list archives

Re: No sellout. was: RE: Lynn / Cisco shellcode


From: "I)ruid" <druid () caughq org>
Date: Tue, 02 Aug 2005 15:41:58 -0500

On Mon, 2005-08-01 at 17:28 -0300, Holden Williamson wrote:
> Oh come on. As someone already pointed out elsewhere "Nobody who has
> spent more than a year doing vulnerability work believes that buffer
> overflows are unexploitable anywhere, even on platforms that
> preemptively reboot to avoid problems."
> If a system runs executable code it can be made to run unauthorized
> executable code - from your PC to your cable-modem to your bloody
> xbox. This is computer security 101. It's not 1992AD anymore guys.

I don't think that the misconception of routers not being exploitable
was the point at all.  Yes, he touched on that, but that wasn't the real
issue he was there to speak on.  You're right in that most of the
attendees to his presentation most likely don't have that misconception
at all and picked up on the real issues:

I think the major issues that Mike brought to light that most
experienced people walked away from the presentation with (me included)
were that there are ways to fool IOS's check_heaps function which
preemptively reboots the device if something is amiss (usually thwarting
most exploit attempts) and that the upcoming versions of IOS will make
exploitation MUCH easier by creating aligned address space across
multiple versions of IOS, which currently change with each /build/ of
the software.

-- 
I)ruid, C²ISSP
druid () caughq org
http://druid.caughq.org
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
