[Dshield] Cisco IOS Heap-based Overflow Vulnerability in System Timers

Stephane Grobety security at admin.fulgan.com
Wed Nov 2 18:52:43 GMT 2005


I read the deatils and here is what I understood:

IOS iomplements some safeguards against memory corruption. However,
these safeguards are not effective at protecting a specific section of
the memory used by system timers. However, it doesn't create a new
attack vector.

So, in order to exploit it, an attacker must first exploit another
flaw in the system that allows him to overwrite the memory used by the
IOS system timers. If he overwrites and other part of the memory, the
system integrity check with crash the router.

In short: it means that some attacks that previously where known to be
"simply" DOS can actually be exploited to run arbitrary code. This
isn't exactly the end of the world as we know it though it IS of some
concern.

However, this might put the fact that a critical portion of the net
runs on top of IOS in the spotlight. If someone actually manages to
write a worm that can sucessfully exploit IOS software, we might
actually have that "doomsday worm" that would shut Internet down
for some time.

And this leads me to the following question: What would be the impact
of such a worm ? From my point of view, I don't think that the loss
(for my company) would be really large: although we do have critical
business functions that are depending on Internet, we also have
contingency plans that would allow these to switch to backup channels
such as direct modem dial-up within in about 24 hours. But one thing
still unknown is how much of the phone system would still stand if the
net went down.

Opinions ? remarks ?

Good luck,
Stephane




More information about the list mailing list