Wednesday, October 10, 2007

Researchers Warn of New Attack Methods Against Cisco IOS

Bill Brenner writes on SearchSecurity.com News:

Cisco Systems' Internetwork Operating System (IOS) is susceptible to attacks in which hackers could cause a denial of service or launch malicious code, according to an analysis conducted by researchers at London-based Information Risk Management (IRM).

IRM Chief Research Officer Andy Davis conducted the Cisco IOS security analysis over a two-month period along with senior consultants Gyan Chawdhary and Varun Uppal. The analysis includes videos demonstrating three different shellcode techniques the researchers used to gain remote level 15 (root) exec VTY (shell) access to IOS.

Each piece of shellcode was written in PowerPC assembly language and launched from within a development environment rather than the payload to an exploit, the researchers noted, adding that the development server is connected to the Cisco router 2600 Series via a serial cable and Ethernet for TCP/IP communications. "It takes a short while for the shellcode to start functioning as it has been hooked into the IOS image checksumming routine that runs every 30-60 seconds," the researchers said. "When each starts running, the arbitrary text '' is displayed on the console to indicate successful execution of the shellcode."

More here.

0 Comments:

Post a Comment

<< Home