lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 10 Oct 2007 12:31:18 +0100
From: "Andy Davis" <andy.davis@...plc.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: IRM Demonstrates Multiple Cisco IOS
	Exploitation Techniques

There is also a fourth condition under which these payloads can be
executed - a remotely exploitable IOS vulnerability...

Andy

-----Original Message-----
From: Damir Rajnovic [mailto:gaus@...co.com] 
Sent: 10 October 2007 11:58
To: full-disclosure@...ts.grok.org.uk; Andy Davis
Cc: gaus@...co.com
Subject: Re: [Full-disclosure] IRM Demonstrates Multiple Cisco IOS
Exploitation Techniques

Hello,

This is response from Cisco PSIRT related to this matter.

On Wed, Oct 10, 2007 at 10:55:54AM +0100, Andy Davis wrote:
> During the research, three shellcode payloads for IOS exploits were
> developed - a "reverse" shell, a password-protected "bind" shell and
> another "bind" shell that is achieved using only two 1-byte memory
> overwrites. IRM have produced videos demonstrating each of these
> payloads in action within a development environment. They can be
viewed


Cisco PSIRT is aware of the three videos IRM Plc. published on their
web site at
<http://www.irmplc.com/index.php/153-Embedded-Systems-Security>.
  
Cisco and IRM agree that the videos do not demonstrate or represent a
vulnerability in Cisco IOS. Specifically, the code to manipulate
Cisco IOS could be inserted only under the following conditions:
                
- Usage of the debugger functionality present in IOS
                            
- Having physical access to the device
                                          
- Already logged in at the highest privilege level on the device.
               
IRM approached Cisco PSIRT with this information prior to its public
release and Cisco has confirmed the information provided is a
proof-of-concept that third party code could be inserted under these
specific conditions.

Regards,

Gaus

==============
Damir Rajnovic <psirt@...co.com>, PSIRT Incident Manager, Cisco Systems
<http://www.cisco.com/go/psirt>      Telephone: +44 7715 546 033
200 Longwater Avenue, Green Park, Reading, Berkshire RG2 6GB, GB
==============
There are no insolvable problems. 
The question is can you accept the solution? 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ