Saturday, 27 January 2007

‘Attack’ IP Option Against Core Infrastructure (Cisco’s Triple Vuln Play)

A couple of days ago a series of three vulnerabilities in Cisco IOS and IOS XR were disclosed. The most severe of these may allow for remote code execution on the affected device, a possibility made less theoretical after Blackhat 2005. The three issues are:

If you run a network, review these and start updating your devices or, if you run an old and unsupported train, disable the affected features or block such traffic destined to the devices' own interfaces. Luckily, traffic merely transiting the device won't affect it.

While various people are upset with Cisco for not disclosing vulnerability details, imagine the tightrope you have to walk when disclosing how to defend against such an attack or detect it (i.e. with an IDS signature) while representing a company with as critical an infrastructure role as Cisco's. Tempers don't appear to be too inflamed, however, and people seem to understand this predicament.
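The post's advice is to block or detect option-bearing traffic addressed to the routers themselves, since transit traffic is unaffected. As an added illustration (not from the post and not Cisco's published guidance), the Python below parses the IPv4 header of a raw packet, walks its option list with length checks, and raises an alert only when a packet carrying options is addressed to one of a constructed set of infrastructure addresses. The post does not say which option type is involved, so the check flags any option other than NOP and End-of-Option-List; the sample packet, its TEST-NET addresses and the benign Router Alert option it carries are all constructed here for the demonstration, and the header checksum is not validated.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class IPv4Header:
    src: str
    dst: str
    header_len: int
    options: List[Tuple[int, int, bytes]]  # (type, length, data)


def parse_ipv4_options(packet: bytes) -> IPv4Header:
    """Decode the IPv4 header of `packet` and walk its option list.

    Only the fields needed for the check are decoded; malformed option
    lengths raise ValueError instead of being silently skipped.
    """
    if len(packet) < 20:
        raise ValueError("too short for an IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4:
        raise ValueError("not an IPv4 packet")
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("invalid or truncated IHL")
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    opts = packet[20:ihl]
    options: List[Tuple[int, int, bytes]] = []
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                       # End of Option List: stop here
            options.append((0, 1, b""))
            break
        if kind == 1:                       # No-Operation: single byte
            options.append((1, 1, b""))
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option header truncated")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        options.append((kind, length, bytes(opts[i + 2:i + length])))
        i += length
    return IPv4Header(src, dst, ihl, options)


def flag_optioned_packet(packet: bytes, device_addrs: set) -> Optional[str]:
    """Return an alert string when an option-bearing packet is addressed
    to one of our own devices; transit traffic and plain packets pass."""
    hdr = parse_ipv4_options(packet)
    if hdr.dst not in device_addrs:
        return None
    real = [o for o in hdr.options if o[0] not in (0, 1)]
    if not real:
        return None
    types = ",".join(str(o[0]) for o in real)
    return f"IP options {types} from {hdr.src} to device {hdr.dst}"


def build_sample(options: bytes) -> bytes:
    """Construct a minimal IPv4 header (no payload) carrying `options`,
    padded with EOL bytes to a 32-bit boundary. Checksum left as zero."""
    opts = options + b"\x00" * ((-len(options)) % 4)
    ihl = 5 + len(opts) // 4
    return (bytes([0x40 | ihl, 0]) + (ihl * 4).to_bytes(2, "big")
            + b"\x00\x00\x00\x00"           # id, flags/fragment offset
            + bytes([64, 1]) + b"\x00\x00"  # TTL, protocol (ICMP), checksum
            + bytes([192, 0, 2, 1])         # src 192.0.2.1 (TEST-NET)
            + bytes([192, 0, 2, 254])       # dst 192.0.2.254 (TEST-NET)
            + opts)


# Constructed samples: NOP + Router Alert (type 148, RFC 2113) and a plain header.
SAMPLE_WITH_OPTIONS = build_sample(b"\x01\x94\x04\x00\x00")
SAMPLE_PLAIN = build_sample(b"")
DEVICES = {"192.0.2.254"}

if __name__ == "__main__":
    for pkt in (SAMPLE_PLAIN, SAMPLE_WITH_OPTIONS):
        print(flag_optioned_packet(pkt, DEVICES))
```

In practice the address set would be the loopbacks and interface addresses of the routers you manage, and the alert would feed an IDS or flow collector; the point is that the filter keys on destination, so it can be tightened without disturbing transit traffic.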

Attacks on Virtual Machine Emulators

As virtual machine emulators have become commonplace in the analysis of malicious code, malicious code has started to fight back. This paper describes known attacks against the most widely used virtual machine emulators (VMware and VirtualPC). It also demonstrates newly discovered attacks on other virtual machine emulators (Bochs, Hydra, QEMU, and Xen), and describes how to defend against them. Paper by Peter Ferrie, Senior Principal Researcher, Symantec Advanced Threat Research.
Full PDF