> Cisco and IRM agree that the videos do not demonstrate or represent a
> vulnerability in Cisco IOS. Specifically, the code to manipulate
> Cisco IOS could be inserted only under the following conditions:
>
> - Usage of the debugger functionality present in IOS
>
> - Having physical access to the
D]>
Cópia: Andy Davis <[EMAIL PROTECTED]>, @fjaunet.com.br
Assunto: Re: [Full-disclosure] IRM Demonstrates Multiple Cisco IOS
Exploitation Techniques
Data: 10/10/07 10:42
>
> Oi Rodrigo,
>
> by this statement on Gaus' email I would say it's not possible. But I
will
GPG KeyID: 1FCEDEA1
- Mensagem Original
De: Andy Davis <[EMAIL PROTECTED]>
Para: Rodrigo Rubira Branco BSDaemon <[EMAIL PROTECTED]>,
full-disclosure@lists.grok.org.uk
Assunto: RE: [Full-disclosure] IRM Demonstrates Multiple Cisco IOS
Exploitation Techniques
Data: 10
videos demonstrating these are on our website
(www.irmplc.com)
Andy
-Original Message-
From: Erik Kamerling [mailto:[EMAIL PROTECTED]
Sent: 10 October 2007 13:26
To: Andy Davis
Subject: Re: [Full-disclosure] IRM Demonstrates Multiple Cisco IOS
Exploitation Techniques
Hi Andy,
My name is
10:46
To: Gaus; "full-disclosure@lists.grok.org.uk"@fjaunet.com.br; Andy Davis
Subject: Re: [Full-disclosure] IRM Demonstrates Multiple Cisco IOS
Exploitation Techniques
Also if you have any vulnerability (remote) that can lead to code
execution,
right?
cya,
Rodrigo (BSDa
;
Para: full-disclosure@lists.grok.org.uk ,
Andy Davis <[EMAIL PROTECTED]>
Assunto: Re: [Full-disclosure] IRM Demonstrates Multiple Cisco IOS
Exploitation Techniques
Data: 10/10/07 09:18
> Hello,
>
> This is response from Cisco PSIRT related to this matter.
>
> On Wed, Oct 10, 200
PROTECTED]
Subject: Re: [Full-disclosure] IRM Demonstrates Multiple Cisco IOS
Exploitation Techniques
Hello,
This is response from Cisco PSIRT related to this matter.
On Wed, Oct 10, 2007 at 10:55:54AM +0100, Andy Davis wrote:
> During the research, three shellcode payloads for IOS exploits w
Hello,
This is response from Cisco PSIRT related to this matter.
On Wed, Oct 10, 2007 at 10:55:54AM +0100, Andy Davis wrote:
> During the research, three shellcode payloads for IOS exploits were
> developed - a "reverse" shell, a password-protected "bind" shell and
> another "bind" shell that is
In August 2005 at Black Hat Las Vegas, Michael Lynn delivered his
infamous presentation entitled "Cisco IOS Shellcode and Exploitation
Techniques". For the first time ever, remote exploitation of Cisco IOS
was publicly demonstrated using shellcode that spawned a connect-back or
"reverse" shell. His