| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Jun 2007 10:56:12 +0100
From: "Andy Davis" <andy.davis@...plc.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: IOS Exploitation Techniques Paper
It has been more than a year since Michael Lynn first demonstrated a
reliable code execution exploit on Cisco IOS at Black Hat 2005. Although
his presentation received a lot of media coverage in the security
community, very little is known about the attack and the technical
details surrounding the IOS check_heaps() vulnerability. This paper is a
result of research carried out by IRM to analyse and understand the
check_heaps() attack and its impact on similar embedded devices.
Furthermore, it also helps developers understand security-specific
issues in embedded environments and developing mitigation strategies for
similar vulnerabilities. The paper primarily focuses on the techniques
developed for bypassing the check_heaps() process, which has
traditionally prevented reliable exploitation of memory-based overflows
on the IOS platform. Using inbuilt IOS commands, memory dumps and open
source tools IRM was able to recreate the vulnerability in a lab
environment. The paper is divided in three sections, which cover the
ICMPv6 source-link attack vector, IOS Operating System internals, and
finally the analysis of the attack itself.
The full paper can be downloaded from:
http://www.irmplc.com/index.php/69-Whitepapers
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists