|
Full Disclosure
mailing list archives
IRM Demonstrates Multiple Cisco IOS Exploitation Techniques
From: "Andy Davis" <andy.davis () irmplc com>
Date: Wed, 10 Oct 2007 10:55:54 +0100
In August 2005 at Black Hat Las Vegas, Michael Lynn delivered his
infamous presentation entitled "Cisco IOS Shellcode and Exploitation
Techniques". For the first time ever, remote exploitation of Cisco IOS
was publicly demonstrated using shellcode that spawned a connect-back or
"reverse" shell. His shellcode was never released outside Cisco.
Over the last few months IRM have been researching the security of Cisco
IOS which has resulted in the discovery of a series of serious security
vulnerabilities (including three new stack overflows). Advisories and
associated IOS patches will be released over the coming months, starting
with the first - a co-ordinated release between IRM and Cisco at 12:00
EST today (http://www.irmplc.com/index.php/107-Advisories)
During the research, three shellcode payloads for IOS exploits were
developed - a "reverse" shell, a password-protected "bind" shell and
another "bind" shell that is achieved using only two 1-byte memory
overwrites. IRM have produced videos demonstrating each of these
payloads in action within a development environment. They can be viewed
here:
http://www.irmplc.com/index.php/153-Embedded-Systems-Security
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Andy Davis (Oct 10)
| 
Intro
