Hi there, attached is a prove of concept exploit for the Cisco IOS TFTP-Server bug in versions 11.1-11.3. It will work on the 1600 and 1000 series and implements what we believe is a general way to exploit IOS heap overflows. The slides from BlackHat and DefCon covering the technique in more detail can be found at http://www.phenoelit.de/ultimaratio/index.html . Cisco's advisory can be found here (might wrap): http://www.cisco.com/warp/public/707/ios-tftp-long-filename-pub.shtml Notice the slightly different point of view in the "Impact" section. yours truly, FX -- FX <fxat_private> Phenoelit (http://www.phenoelit.de) 672D 64B2 DE42 FCF7 8A5E E43B C0C1 A242 6D63 B564
This archive was generated by hypermail 2b30 : Thu Aug 22 2002 - 06:12:42 PDT