Dailydave mailing list archives
Re: No sellout. was: RE: Lynn / Cisco shellcode
From: "I)ruid" <druid () caughq org>
Date: Tue, 02 Aug 2005 15:41:58 -0500
On Mon, 2005-08-01 at 17:28 -0300, Holden Williamson wrote:
Oh come on. As somone already pointed out elsewhere "Nobody who has spent more than a year doing vulnerability work believes that buffer overflows are unexploitable anywhere, even on platforms that preemptively reboot to avoid problems." If a system runs executable code it can be made to run unauthorized executable code - from your PC to your cable-modem to your bloody xbox. This is computer security 101. It's not 1992AD anymore guys.
I don't think that the misconception of routers not being exploitable was the point at all. Yes, he touched on that, but that wasn't the real issue he was there to speak on. You're right in that most of the attendees to his presentation most likely don't have that misconception at all and picked up on the real issues: I think the major issues that Mike brought to light that most experienced people walked away from the presentation with (me included) were that there are ways to fool IOS's check_heaps function which preemptively reboots the device if something is amiss (usually thwarting most exploit attempts) and that the upcoming versions of IOS will make exploitation MUCH easier by creating aligned address space across multiple versions of IOS, which currently change with each /build/ of the software. -- I)ruid, CĀ²ISSP druid () caughq org http://druid.caughq.org
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- No sellout. was: RE: Lynn / Cisco shellcode surreal (Jul 28)
- Re: No sellout. was: RE: Lynn / Cisco shellcode security curmudgeon (Jul 29)
- Re: No sellout. was: RE: Lynn / Cisco shellcode Holden Williamson (Jul 29)
- Re: No sellout. was: RE: Lynn / Cisco shellcode byte_jump (Jul 29)
- Re: No sellout. was: RE: Lynn / Cisco shellcode Holden Williamson (Aug 01)
- Re: No sellout. was: RE: Lynn / Cisco shellcode byte_jump (Aug 01)
- Re: No sellout. was: RE: Lynn / Cisco shellcode Holden Williamson (Aug 01)
- Re: No sellout. was: RE: Lynn / Cisco shellcode I)ruid (Aug 02)
- Re: No sellout. was: RE: Lynn / Cisco shellcode Holden Williamson (Aug 02)
- Re: No sellout. was: RE: Lynn / Cisco shellcode I)ruid (Aug 02)
- Re: No sellout. was: RE: Lynn / Cisco shellcode byte_jump (Jul 29)
- <Possible follow-ups>
- RE: No sellout. was: RE: Lynn / Cisco shellcode Dennis Cox (Jul 29)
- RE: No sellout. was: RE: Lynn / Cisco shellcode Paul Melson (Aug 01)
- Re: No sellout. was: RE: Lynn / Cisco shellcode Holden Williamson (Aug 01)
- Re: No sellout. was: RE: Lynn / Cisco shellcode TAREK (Aug 02)
- Re: No sellout. was: RE: Lynn / Cisco shellcode M. Shirk (Aug 02)
- RE: No sellout. was: RE: Lynn / Cisco shellcode Todd Towles (Aug 02)