lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <F7B73864DD39FA40B6C56B3CE0D4D1CB63454F@asdc003.abovesecurite.lan> Date: Fri Jul 29 20:25:09 2005 From: eric.lauzon at abovesecurity.com (Eric Lauzon) Subject: Cisco IOS Shellcode Presentation > On Fri, 29 Jul 2005, Eric Lauzon wrote: > > : > :So mutch fuss....its all so new .. > : > : > :http://www.phrack.org/phrack/56/p56-0x0a > : > : > :-elz > > I don't get your point; it obviously seems you're trying to be > sarcastic. > > I think, if you realize what you're talking about, the point of the > talk was the idea of reliably being able to exploit a IOS > vulnerability. > Reliably meaning having the cisco box not reboot on you (or other > various scenarios that could occur). > > Gaius has some good information there, but there's a difference > between being on a router and plugging in backdoor code and actually > being able to get onto the router via an exploit. > > So what was the key point? CHECK HEAPS -- the idle proc that kicks in > to validate heap management structures. Think about > malloc() bugs (double free()'s and stuff) that were talked about a few > years back... Those were easier to exploit b/c they didn't have a > check heaps code that kicks in... I am stating that exploiting IOS flaw is nothing so new to the world. In conclusion, if IOS can be backdoored it can be exploited as any other os/arch due to design flaws. Still people talk about vulnerability when credential can be stolen and IOS can be replaced, in my book the two are not so far, exploit or use of stolen credential to backdoor. Because in the end you still want to keep control ;) -elz
Powered by blists - more mailing lists