‘Cisco IOS Exploitation Techniques Paper’
‘It has been more than a year since Michael Lynn first demonstrated a reliable code execution exploit on Cisco IOS at Black Hat 2005. Although his presentation received a lot of media coverage in the security community, very little is known about the attack and the technical details surrounding the IOS check_heaps() vulnerability.
‘The information has been provided by Andy Davis.
The original article can be found at: http://www.irmplc.com/download_pdf.php?src=Cisco_IOS_Exploitation_Techniques.pdf&force=yes‘
The check_heaps() vulnerability was mainly due to design issues and further exploitable due to the lack of memory protection support between processes. Many embedded system vendors still rely on choosing performance and speed over security. As more and more ‘intelligence’ is built into consume and commercial devices using embedded operating systems and software, the more significant these potential vulnerabilities may become. Therefore embedded systems vendors need to be aware of the potential attacks against their systems and the fact that many hackers are getting bored with researching traditional operating systems and are turning to embedded devices for a new challenge.’