Re: [Full-disclosure] IRM Demonstrates Multiple Cisco IOS Exploitation Techniques
- To: "Gaus" <gaus@xxxxxxxxx>, "full-disclosure@xxxxxxxxxxxxxxxxx"@fjaunet.com.br, "Andy Davis" <andy.davis@xxxxxxxxxx>
- Subject: Re: [Full-disclosure] IRM Demonstrates Multiple Cisco IOS Exploitation Techniques
- From: "Rodrigo Rubira Branco (BSDaemon)" <rodrigo@xxxxxxxxxxxxxxxxx>
- Date: Wed, 10 Oct 2007 9:45:51 -0000
Also if you have any vulnerability (remote) that can lead to code execution,
right?
cya,
Rodrigo (BSDaemon).
--
http://www.kernelhacking.com/rodrigo
Kernel Hacking: If i really know, i can hack
GPG KeyID: 1FCEDEA1
--------- Original Message --------
From: Gaus <gaus@xxxxxxxxx>
To: full-disclosure@xxxxxxxxxxxxxxxxx <full-disclosure@xxxxxxxxxxxxxxxxx>, Andy Davis <andy.davis@xxxxxxxxxx>
Subject: Re: [Full-disclosure] IRM Demonstrates Multiple Cisco IOS Exploitation Techniques
Date: 10/10/07 09:18
> Hello,
>
> This is response from Cisco PSIRT related to this matter.
>
> On Wed, Oct 10, 2007 at 10:55:54AM +0100, Andy Davis wrote:
> > During the research, three shellcode payloads for IOS exploits were
> > developed - a "reverse" shell, a password-protected "bind" shell and
> > another "bind" shell that is achieved using only two 1-byte memory
> > overwrites. IRM have produced videos demonstrating each of these
> > payloads in action within a development environment. They can be viewed
>
>
> Cisco PSIRT is aware of the three videos IRM Plc. published on their
> web site at <http://www.irmplc.com/index.php/153-Embedded-Systems-Security>.
>
> Cisco and IRM agree that the videos do not demonstrate or represent a
> vulnerability in Cisco IOS. Specifically, the code to manipulate
> Cisco IOS could be inserted only under the following conditions:
>
> - Usage of the debugger functionality present in IOS
>
> - Having physical access to the device
>
> - Already logged in at the highest privilege level on the device.
>
> IRM approached Cisco PSIRT with this information prior to its public
> release and Cisco has confirmed the information provided is a
> proof-of-concept that third party code could be inserted under these
> specific conditions.
>
> Regards,
>
> Gaus
>
> Damir Rajnovic <psirt@xxxxxxxxx>, PSIRT Incident Manager, Cisco Systems
> <http://www.cisco.com/go/psirt> Telephone: +44 7715 546 033
> 200 Longwater Avenue, Green Park, Reading, Berkshire RG2 6GB, GB
> There are no insolvable problems.
> The question is can you accept the solution?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/