On 13 Jun 2001, at 9:43, Dave Horsfall wrote:

> On Tue, 12 Jun 2001 [EMAIL PROTECTED] wrote:
> 
> > > Technically, it means the program counter got an illegal address
> > > in it.
> >
> >   One of the ways this could happen is via a buffer overflow, which
> > may potentially be exploitable (although exploiting it will be much
> > harder than making it bus error).
> 
> And without IOS source, that would certainly be...  challenging...

  I quite agree.  IF the buffer overflow is on the stack and lets you 
overwrite the program counter, AND IF it can be overwritten to point 
into the buffer and thus run arbitrary code, THEN it would still take 
knowledge of the IOS internals to make the code do anything "useful".
  Short of that, there could be some risk that an attacker *might* be 
able to "hang" IOS rather than force a reset.  Neither of these are 
things that an unauthenticated remote node *ought* to be able to do.

David Gillett


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
