Hacker demos reliable Cisco IOS exploit

Security researcher Felix 'FX' Lindner of Phenoelit on Monday gave the first public demonstration of a reliable technique for exploiting buffer overflows in Cisco IOS routers. The demo was delivered at the 25th Chaos Communication Congress in Berlin, reports Heise Online.

According to Heise:

FX's presentation outlined an exploit technique that uses fragments of code from the ROMMON, the boot loader that loads IOS, the Cisco operating system, on system start-up. ROMMON is always positioned at constant addresses at the bottom end of memory and there are only a few different versions of ROMMON.

Lindner demonstrated how a single ping packet could be used to make a Cisco router send text, and said that the technique could be used to inject the more complex code required for an attack, reports Heise.

According to Heise:

The problem with attacks on Cisco routers is that the system images used are so different that each device is virtually unique. That means that exploitable code and essential functions are always held at different addresses, so the Cisco exploits published up to now really only work on the demo system they were built for and not on arbitrary systems running in the wild.

The research could help security folks understand what to look for to discover injected malicious code.


Copyright © 2009 IDG Communications, Inc.
