funsec mailing list archives

Re: Researchers Warn of New Attack Methods Against Cisco IOS


From: Gadi Evron <ge () linuxbox org>
Date: Wed, 10 Oct 2007 22:28:05 -0500 (CDT)

As far as Cisco explained, the likelihood of this attack is extremely low. Knowing Cisco I'd make it almost extremely low to very low.

The important part in this hyped story (which hurts Cisco for no reason) is that it is a shellcode that works on IOS.

        Gadi.


On Thu, 11 Oct 2007, Paul Ferguson wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via SearchSecurity.com.

[snip]

Cisco Systems' Internetwork Operating System (IOS) is susceptible to
attacks in which hackers could cause a denial of service or launch
malicious code, according to an analysis conducted by researchers at
London-based Information Risk Management (IRM).

IRM Chief Research Officer Andy Davis conducted the Cisco IOS security
analysis over a two-month period along with senior consultants Gyan
Chawdhary and Varun Uppal. The analysis includes videos demonstrating three
different shellcode techniques the researchers used to gain remote level 15
(root) exec VTY (shell) access to IOS.

Each piece of shellcode was written in PowerPC assembly language and
launched from within a development environment rather than the payload to
an exploit, the researchers noted, adding that the development server is
connected to the Cisco router 2600 Series via a serial cable and Ethernet
for TCP/IP communications. "It takes a short while for the shellcode to
start functioning as it has been hooked into the IOS image checksumming
routine that runs every 30-60 seconds," the researchers said. "When each
starts running, the arbitrary text '' is displayed on the console to
indicate successful execution of the shellcode."

[snip]

More:
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1276182,00.html

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHDZamq1pz9mNUZTMRAh15AKCn1SDmWjK1fWblqMYqXAEU43S7NgCgxtef
VENZ98H3lx2mZwzOb8umdtE=
=WShb
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
