Cisco IOS (originally Internetwork Operating System) is the operating system used on Cisco Systems routers and some network switches (those which do not use CatOS). It is a multitasking operating system and provides kernel services such as process scheduling as well as the command line interface and routing software.
The Cisco Internetwork Operating System (IOS) may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability.
Credit:
The original article can be found at: http://www.cisco.com/en/US/products/products_security_advisory09186a008055ef31.shtml
Vulnerable Systems:
* All Cisco products that run Cisco IOS Software.
Cisco IOS may be susceptible to remote code execution through attack vectors such as specific heap-based overflows in which internal operating system timers may execute arbitrary code from portions of memory that have been overwritten via exploitation.
In many cases, a heap-based overflow in Cisco IOS will simply corrupt system memory and trigger a system reload when detected by the "Check Heaps" process, which constantly monitors for such memory corruption. In a successful attack against an appropriate heap-based overflow, it is possible to achieve code execution without the device crashing immediately.
Successful exploitations of heap-based buffer overflow vulnerabilities in Cisco IOS software often result in a Denial of Service because the exploit causes the router to crash and reload due to inconsistencies in running memory. In some cases it is possible to overwrite areas of system memory and execute arbitrary code from those locations. In the event of successful remote code execution, device integrity will have been completely compromised.
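The detect-and-reload behaviour described above can be illustrated with a simplified heap consistency walker. This is an added example, not Cisco's code and not part of the original advisory: the block layout, the marker values and the names toy_alloc, check_heaps and toy_reset are assumptions made for the model, not IOS internals.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed values for this model; not taken from Cisco IOS. */
#define HDR_MAGIC 0xAB1234CDu
#define RED_ZONE  0xFD0110DFu
#define ARENA_SZ  1024u

struct hdr { uint32_t magic, size; };      /* precedes every payload */
static uint8_t arena[ARENA_SZ];
static uint32_t used;

void toy_reset(void) { used = 0; }

/* Bump allocator laying out: header | payload | red zone. */
void *toy_alloc(uint32_t size) {
    if (size > ARENA_SZ) return NULL;      /* also avoids rounding wrap-around */
    struct hdr h = { HDR_MAGIC, (size + 3u) & ~3u };
    uint32_t rz = RED_ZONE, need = sizeof h + h.size + sizeof rz;
    if (need > ARENA_SZ - used) return NULL;
    memcpy(arena + used, &h, sizeof h);
    memcpy(arena + used + sizeof h + h.size, &rz, sizeof rz);
    used += need;
    return arena + used - need + sizeof h;
}

/* Walk all blocks. Returns 0 if the heap is consistent, else the 1-based
 * index of the first damaged block. A real system would log and reload. */
int check_heaps(void) {
    uint32_t off = 0, rz;
    for (int idx = 1; off < used; idx++) {
        struct hdr h;
        if (used - off < sizeof h + sizeof rz) return idx;   /* truncated block */
        memcpy(&h, arena + off, sizeof h);
        if (h.magic != HDR_MAGIC) return idx;                /* header overwritten */
        if (h.size > used - off - sizeof h - sizeof rz) return idx; /* bad length */
        memcpy(&rz, arena + off + sizeof h + h.size, sizeof rz);
        if (rz != RED_ZONE) return idx;                      /* payload overran */
        off += sizeof h + h.size + sizeof rz;
    }
    return 0;
}

int main(void) {
    char *a = toy_alloc(16), *b = toy_alloc(16);
    (void)b;
    printf("clean heap: %d\n", check_heaps());
    memset(a, 'A', 24);   /* constructed fault: 8 bytes past a's payload */
    printf("after overflow: %d\n", check_heaps());
    return 0;
}
```

In this model the damage is only noticed when check_heaps next walks the arena, which is why corruption usually ends in a reload rather than going unnoticed, and why the interval between the overwrite and the next walk matters.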
For more information, visit the original article at:
http://www.cisco.com/en/US/products/products_security_advisory09186a008055ef31.shtml