Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] IOS Exploitation Techniques Paper

from [Andy Davis] Network Security [Permanent Link]
Subject: [Full-disclosure] IOS Exploitation Techniques Paper
Date: Wed, 27 Jun 2007 10:56:12 +0100 
It has been more than a year since Michael Lynn first demonstrated a
reliable code execution exploit on Cisco IOS at Black Hat 2005. Although
his presentation received a lot of media coverage in the security
community, very little is known about the attack and the technical
details surrounding the IOS check_heaps() vulnerability. This paper is a
result of research carried out by IRM to analyse and understand the
check_heaps() attack and its impact on similar embedded devices.
Furthermore, it also helps developers understand security-specific
issues in embedded environments and developing mitigation strategies for
similar vulnerabilities. The paper primarily focuses on the techniques
developed for bypassing the check_heaps() process, which has
traditionally prevented reliable exploitation of memory-based overflows
on the IOS platform. Using inbuilt IOS commands, memory dumps and open
source tools IRM was able to recreate the vulnerability in a lab
environment. The paper is divided in three sections, which cover the
ICMPv6 source-link attack vector, IOS Operating System internals, and
finally the analysis of the attack itself.

 

The full paper can be downloaded from:

 

http://www.irmplc.com/index.php/69-Whitepapers

 

 

 

 

 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Vulnerability, Maksymilian Arciemowicz
Next by Date:  [Full-disclosure] deviantArt does not check authorization for image download, Timothy Redaelli
Previous by Thread:  [Full-disclosure] PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Vulnerability, Maksymilian Arciemowicz
Next by Thread:  Re: [Full-disclosure] IOS Exploitation Techniques Paper, Mike Caudill
Indexes:  [Date] [Thread] [Top] [All Lists]