Full Disclosure mailing list archives
IRM Demonstrates Multiple Cisco IOS Exploitation Techniques
From: "Andy Davis" <andy.davis () irmplc com>
Date: Wed, 10 Oct 2007 10:55:54 +0100
In August 2005 at Black Hat Las Vegas, Michael Lynn delivered his infamous presentation entitled "Cisco IOS Shellcode and Exploitation Techniques". For the first time ever, remote exploitation of Cisco IOS was publicly demonstrated using shellcode that spawned a connect-back or "reverse" shell. His shellcode was never released outside Cisco.

Over the last few months IRM have been researching the security of Cisco IOS, which has resulted in the discovery of a series of serious security vulnerabilities (including three new stack overflows). Advisories and associated IOS patches will be released over the coming months, starting with the first - a co-ordinated release between IRM and Cisco at 12:00 EST today (http://www.irmplc.com/index.php/107-Advisories).

During the research, three shellcode payloads for IOS exploits were developed - a "reverse" shell, a password-protected "bind" shell and another "bind" shell that is achieved using only two 1-byte memory overwrites.

IRM have produced videos demonstrating each of these payloads in action within a development environment. They can be viewed here: http://www.irmplc.com/index.php/153-Embedded-Systems-Security
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/