> > And without IOS source, that would certainly be...  challenging...
>
>   I quite agree.

I disagree ... many, many buffer overflow exploits in closed-source
software packages have been discovered by trial and error, without
any use of source code; they aren't that hard to find.  Simply find a
good search engine (such as astalavista.box.sk) and look for HOWTOs
on buffer overflows.

> IF the buffer overflow is on the stack

This is quite often the case ...

> and lets you overwrite the program counter

... this is almost always the case ...

> AND IF it can be overwritten to point into the buffer

... and this is almost always the case as well, unless using an OS designed
specifically to not allow execution of the stack (there are options for this
in Linux, et al.).

> knowledge of the IOS internals to make the code do anything "useful".

Like what knowledge?  The type that could be gleaned by owning a
cheap refurbished Cisco unit?

>   Short of that, there could be some risk that an attacker *might* be
> able to "hang" IOS rather than force a reset.

It would be much more entertaining if they were able to send all packets
to a multicast address ...
--
Michael T. Babcock
CTO, FibreSpeed
