RE: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques
Halvar,
Please let me clarify some misconceptions currently being spread by the
Cisco "media machine":
All three techniques demonstrated in the videos are shellcode payloads
written in PowerPC assembly language (for the Cisco 2600 series
routers). They are being demonstrated from within gdb rather than as the
payloads to actual exploits.
ANY Cisco IOS vulnerability that can result in arbitrary code execution
(heap/stack overflow etc.) can potentially be exploited using any of
these three exploits payloads. Furthermore, if an IOS vulnerability is
being exploited:
- console access is NOT required
- the enable password is NOT required
- the debugger does NOT need to be enabled
An example of a remote memory corruption vulnerability, which may
potentially be able to be exploited using these payloads is the IOS LPD
remote stack overflow vulnerability
(http://www.irmplc.com/index.php/155-Advisory-024) that we released
earlier today.
We should be releasing hi-res versions of the videos at some stage in
the next 24 hours at
http://www.irmplc.com/index.php/153-Embedded-Systems-Security.
I hope that makes things a bit clearer for everyone
Cheers,
Andy
-----Original Message-----
From: Halvar Flake [mailto:halvar.flake@xxxxxxxxxxxxxxxxxx]
Sent: 11 October 2007 20:25
To: Gaus; bugtraq@xxxxxxxxxxxxxxxxx
Cc: gaus@xxxxxxxxx
Subject: Re: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS
Exploitation Techniques
So in short, they are demonstrating that
* IF you have console access
* AND the enable password
* AND you enable the debugger
you can execute code ?
So all in all, it's a complete non-issue ?
Cheers,
Halvar