Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Cisco IOS Shellcode Presentation

From: Frank Knobbe <frank () knobbe us>
Date: Fri, 29 Jul 2005 19:07:49 -0500
On Fri, 2005-07-29 at 18:57 -0500, J.A. Terranson wrote:

They fucked up.  They'll have to fix it then.  But thats not the same

as

the gross negligence they're being accused of.


I'm not sure that can fix that. Unless they add canaries to the stack
and include other OpenBSD style W^X type checks. I mean, it's the same
problem any OS that uses stacks faces. It's just that we now begin to
see how things are laid out in IOS and gain information about its
routines, how it works, and how to bypass watchdogs and such.

Cisco just has to be more careful with vulnerabilities now since they
can be exploited better :)

Cheers,
Frank


-- 
Shame on Cisco. Double-Shame on ISS.

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: