Date: Wed, 10 Oct 2007 23:52:31 +0100
From: "Andy Davis" <andy.davis@...plc.com>
To: "Halvar Flake" <halvar.flake@...re-security.com>,
	<bugtraq@...urityfocus.com>
Subject: RE: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques

Halvar,

Please let me clarify some misconceptions currently being spread by the
Cisco "media machine":

All three techniques demonstrated in the videos are shellcode payloads
written in PowerPC assembly language (for the Cisco 2600 series
routers). They are being demonstrated from within gdb rather than as the
payloads to actual exploits.

ANY Cisco IOS vulnerability that can result in arbitrary code execution
(heap/stack overflow etc.) can potentially be exploited using any of
these three exploit payloads. Furthermore, if an IOS vulnerability is
being exploited:

- console access is NOT required
- the enable password is NOT required
- the debugger does NOT need to be enabled

An example of a remote memory corruption vulnerability, which may
potentially be able to be exploited using these payloads is the IOS LPD
remote stack overflow vulnerability
(http://www.irmplc.com/index.php/155-Advisory-024) that we released
earlier today.

We should be releasing hi-res versions of the videos at some stage in
the next 24 hours at
http://www.irmplc.com/index.php/153-Embedded-Systems-Security. 

I hope that makes things a bit clearer for everyone.

Cheers,

Andy 

-----Original Message-----
From: Halvar Flake [mailto:halvar.flake@...re-security.com] 
Sent: 11 October 2007 20:25
To: Gaus; bugtraq@...urityfocus.com
Cc: gaus@...co.com
Subject: Re: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS
Exploitation Techniques

So in short, they are demonstrating that 

* IF you have console access
* AND the enable password
* AND you enable the debugger

you can execute code ?

So all in all, it's a complete non-issue ?

Cheers,
Halvar
