Date: Wed, 10 Oct 2007 13:10:18 +0100
From: "Andy Davis" <andy.davis@...plc.com>
To: "Rodrigo Rubira Branco (BSDaemon)" <rodrigo@...nelhacking.com>,
	<full-disclosure@...ts.grok.org.uk>
Subject: Re: IRM Demonstrates Multiple Cisco IOS
	Exploitation Techniques

It doesn't even need to be a remote vulnerability - all three techniques
could be used to perform privilege escalation attacks against local
vulnerabilities within IOS. 

Andy

-----Original Message-----
From: Rodrigo Rubira Branco (BSDaemon)
[mailto:rodrigo@...nelhacking.com] 
Sent: 10 October 2007 10:46
To: Gaus; "full-disclosure@...ts.grok.org.uk"@fjaunet.com.br; Andy Davis
Subject: Re: [Full-disclosure] IRM Demonstrates Multiple Cisco IOS
Exploitation Techniques

Also if you have any vulnerability (remote) that can lead to code execution,
right?


cya,


Rodrigo (BSDaemon).

--
http://www.kernelhacking.com/rodrigo

Kernel Hacking: If i really know, i can hack

GPG KeyID: 1FCEDEA1


--------- Original Message --------
From: Gaus <gaus@...co.com>
To: full-disclosure@...ts.grok.org.uk
<full-disclosure@...ts.grok.org.uk>,
Andy Davis <andy.davis@...plc.com>
Subject: Re: [Full-disclosure] IRM Demonstrates Multiple Cisco IOS
Exploitation Techniques
Date: 10/10/07 09:18

> Hello,
>
> This is response from Cisco PSIRT related to this matter.
>
> On Wed, Oct 10, 2007 at 10:55:54AM +0100, Andy Davis wrote:
> > During the research, three shellcode payloads for IOS exploits were
> > developed - a "reverse" shell, a password-protected "bind" shell and
> > another "bind" shell that is achieved using only two 1-byte memory
> > overwrites. IRM have produced videos demonstrating each of these
> > payloads in action within a development environment. They can be viewed
>
>
> Cisco PSIRT is aware of the three videos IRM Plc. published on their
> web site at <http://www.irmplc.com/index.php/153-Embedded-Systems-Security>.
>
> Cisco and IRM agree that the videos do not demonstrate or represent a
> vulnerability in Cisco IOS. Specifically, the code to manipulate
> Cisco IOS could be inserted only under the following conditions:
>
> - Usage of the debugger functionality present in IOS
>
> - Having physical access to the device
>
> - Already logged in at the highest privilege level on the device.
>
> IRM approached Cisco PSIRT with this information prior to its public
> release and Cisco has confirmed the information provided is a
> proof-of-concept that third party code could be inserted under these
> specific conditions.
>
> Regards,
>
> Gaus
>
> Damir Rajnovic <psirt@...co.com>, PSIRT Incident Manager, Cisco Systems
> <http://www.cisco.com/go/psirt>      Telephone: +44 7715 546 033
> 200 Longwater Avenue, Green Park, Reading, Berkshire RG2 6GB, GB
> There are no insolvable problems.
> The question is can you accept the solution?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
