Date: Wed, 10 Oct 2007 13:40:37 +0100
From: "Andy Davis" <andy.davis@...plc.com>
To: <ekamerling@...urityfocus.com>,
	<full-disclosure@...ts.grok.org.uk>
Subject: Re: IRM Demonstrates Multiple Cisco IOS Exploitation Techniques

Erik,

Details of a new remote vulnerability that we have discovered in IOS
will be released in a security advisory later today. We have also
developed three shellcode techniques that could be used as the payload
to an IOS exploit and result in remote administrative access to the
router - the videos demonstrating these are on our website
(www.irmplc.com).

Andy

-----Original Message-----
From: Erik Kamerling [mailto:ekamerling@...urityfocus.com] 
Sent: 10 October 2007 13:26
To: Andy Davis
Subject: Re: [Full-disclosure] IRM Demonstrates Multiple Cisco IOS
Exploitation Techniques

Hi Andy,

My name is Erik Kamerling. I am documenting these issues right now and I
have a question regarding your FD post.

Not to repeat verbatim what you just said..., but you guys have a
remotely exploitable IOS vulnerability?

Thanks for any clarification you can spare.

Erik


Andy Davis wrote:
> There is also a fourth condition under which these payloads can be
> executed - a remotely exploitable IOS vulnerability...
> 
> Andy
> 
> -----Original Message-----
> From: Damir Rajnovic [mailto:gaus@...co.com] 
> Sent: 10 October 2007 11:58
> To: full-disclosure@...ts.grok.org.uk; Andy Davis
> Cc: gaus@...co.com
> Subject: Re: [Full-disclosure] IRM Demonstrates Multiple Cisco IOS
> Exploitation Techniques
> 
> Hello,
> 
> This is the response from Cisco PSIRT related to this matter.
> 
> On Wed, Oct 10, 2007 at 10:55:54AM +0100, Andy Davis wrote:
>> During the research, three shellcode payloads for IOS exploits were
>> developed - a "reverse" shell, a password-protected "bind" shell and
>> another "bind" shell that is achieved using only two 1-byte memory
>> overwrites. IRM have produced videos demonstrating each of these
>> payloads in action within a development environment. They can be
>> viewed
> 
> 
> Cisco PSIRT is aware of the three videos IRM Plc. published on their
> web site at
> <http://www.irmplc.com/index.php/153-Embedded-Systems-Security>.
>
> Cisco and IRM agree that the videos do not demonstrate or represent a
> vulnerability in Cisco IOS. Specifically, the code to manipulate
> Cisco IOS could be inserted only under the following conditions:
>
> - Usage of the debugger functionality present in IOS
>
> - Having physical access to the device
>
> - Already logged in at the highest privilege level on the device.
>
> IRM approached Cisco PSIRT with this information prior to its public
> release and Cisco has confirmed the information provided is a
> proof-of-concept that third party code could be inserted under these
> specific conditions.
> 
> Regards,
> 
> Gaus
> 
> ==============
> Damir Rajnovic <psirt@...co.com>, PSIRT Incident Manager, Cisco Systems
> <http://www.cisco.com/go/psirt>      Telephone: +44 7715 546 033
> 200 Longwater Avenue, Green Park, Reading, Berkshire RG2 6GB, GB
> ==============
> There are no insolvable problems. 
> The question is can you accept the solution? 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
