lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <F7B73864DD39FA40B6C56B3CE0D4D1CB63454F@asdc003.abovesecurite.lan>
Date: Fri Jul 29 20:25:09 2005
From: eric.lauzon at abovesecurity.com (Eric Lauzon)
Subject: Cisco IOS Shellcode Presentation

> On Fri, 29 Jul 2005, Eric Lauzon wrote:
> 
> : 
> :So mutch fuss....its all so new ..
> :
> :
> :http://www.phrack.org/phrack/56/p56-0x0a
> :
> :
> :-elz
> 
> I don't get your point; it obviously seems you're trying to be 
> sarcastic.
> 
> I think, if you realize what you're talking about, the point of the 
> talk was the idea of reliably being able to exploit a IOS 
> vulnerability.
> Reliably meaning having the cisco box not reboot on you (or other 
> various scenarios that could occur).
> 
> Gaius has some good information there, but there's a difference 
> between being on a router and plugging in backdoor code and actually 
> being able to get onto the router via an exploit.
> 
> So what was the key point?  CHECK HEAPS -- the idle proc that kicks in

> to validate heap management structures.  Think about
> malloc() bugs (double free()'s and stuff) that were talked about a few

> years back... Those were easier to exploit b/c they didn't have a 
> check heaps code that kicks in...

I am stating that exploiting IOS flaw is nothing so new to the world.

In conclusion, if IOS can be backdoored it can be exploited as any other
os/arch due to design flaws.

Still people talk about vulnerability when credential can be stolen and
IOS can be replaced, in my book the two are not so far, exploit or use
of stolen credential to backdoor. Because in the end you still want to
keep control ;)


-elz
 

Powered by blists - more mailing lists