Hi FX, As always, thank you for your sage technical advice and pointers :)
Btw, the Cisco MDS 9000 seems to have some interesting debug commands as well, see Google search for the following: site:cisco.com "debug kernel" Does anyone know the OS for the MDS 9000? I'm reading this from http://www.cisco.com/en/US/netsol/ns340/ns394/ns259/ns261/netbr09186a00800c4658.html: "...easy-to-use Cisco MDS 9000 Fabric Manager and Device Manager GUI and CLI access similar to that of Cisco IOS Software." Perhaps this is like the Call Manager 5.0, which runs Linux but has a "IOS like" CLI? If this is the case, then maybe this type of attack vector may have potential against the MDS 9000? http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3593 Thanks again for sharing and kindest regards, --scm Shawn Merdinger Independent Security Researcher VoIPninja.com On 8/1/07, Felix 'FX' Lindner <[EMAIL PROTECTED]> wrote: > Hi Shawn, > > On Wed, 1 Aug 2007 10:14:47 -0600 "Shawn Merdinger" > <[EMAIL PROTECTED]> wrote: > > At level 15 permissions, when I enter "debug k" on the CLI the router > > freezes immediately, requiring a manual reboot. > > > > While not a vulnerability per se, perhaps something to keep in mind > > from the fat-finger risk? > > the full command is "debug kernel", and it halts the IOS kernel since > it will be in suspended state waiting for the serial line GDB debugger > to be attached and tell him to continue. Hence the freeze. > > BinNavi with GDB agent can use the serial line protocol to single-step > the IOS kernel. You can also just patch any gdb source you have around. > > cheers > FX > > -- > ????? Labs GmbH | Felix 'FX' Lindner <[EMAIL PROTECTED]> > http://www.?????-labs.com | GSM: +49 171 7402062 > Wrangelstrasse 4 | PGP: A740 DE51 9891 19DF 0D05 > 10997 Berlin, Germany | 13B3 1759 C388 C92D 6BBB > HRB 105213 B, Amtsgericht Charlottenburg, GF Felix Lindner > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
