[Dshield] Cisco IOS Heap-based Overflow Vulnerability in SystemTimers
karlblau at volvo.se
Thu Nov 10 10:26:45 GMT 2005
How do you guys/girls target this? Are you mass upgrading all your
In my organization we are in a kinda moment 22 situation. If we were/are
to upgrade all
routers/switches running IOS software, we would result in doing so to
over > 1000 devices.
That would take a lot of time and hard testing before even trying... and
even after testing there will surely
be some problems that one could try and test in the lab before upgrading.
From the little info released from Cisco about this you don't really know
how serious to take
I know that if there were to be a successful exploit of this, it
would become larger than
anything else we have ever seen regarding the impact of the
worm/virus/etc..., and from what I can understand
there is some info that points to that there will come a sufficient
exploit for this.
But then on the other side, if this would be critical (which is my
personal thought) wouldn't SANS, CERT, etc.
target this vulnerability higher? I haven't seen much written about this
since the first notice.
Stephane Grobety wrote:
>I read the details and here is what I understood:
>IOS implements some safeguards against memory corruption. However,
>these safeguards are not effective at protecting a specific section of
>the memory used by system timers. However, it doesn't create a new
>So, in order to exploit it, an attacker must first exploit another
>flaw in the system that allows him to overwrite the memory used by the
>IOS system timers. If he overwrites any other part of the memory, the
>system integrity check will crash the router.
>In short: it means that some attacks that previously were known to be
>"simply" DOS can actually be exploited to run arbitrary code. This
>isn't exactly the end of the world as we know it though it IS of some
>However, this might put the fact that a critical portion of the net
>runs on top of IOS in the spotlight. If someone actually manages to
>write a worm that can successfully exploit IOS software, we might
>actually have that "doomsday worm" that would shut Internet down
>for some time.
>And this leads me to the following question: What would be the impact
>of such a worm ? From my point of view, I don't think that the loss
>(for my company) would be really large: although we do have critical
>business functions that are depending on Internet, we also have
>contingency plans that would allow these to switch to backup channels
>such as direct modem dial-up within about 24 hours. But one thing
>still unknown is how much of the phone system would still stand if the
>net went down.
>Opinions ? remarks ?