Cisco IOS exploit PoC

From: FX (fxat_private)
Date: Thu Aug 22 2002 - 01:03:10 PDT


    Hi there,
    
    attached is a proof of concept exploit for the Cisco IOS TFTP-Server bug in
    versions 11.1-11.3. It will work on the 1600 and 1000 series and implements
    what we believe is a general way to exploit IOS heap overflows. 
    
    The slides from BlackHat and DefCon covering the technique in more detail can
    be found at http://www.phenoelit.de/ultimaratio/index.html .
    
    Cisco's advisory can be found here (might wrap):
    http://www.cisco.com/warp/public/707/ios-tftp-long-filename-pub.shtml 
    Notice the slightly different point of view in the "Impact" section.
    
    yours truly,
    FX
    
    -- 
             FX           <fxat_private>
          Phenoelit   (http://www.phenoelit.de)
    672D 64B2 DE42 FCF7 8A5E E43B C0C1 A242 6D63 B564
    
    
    


