Subject: Creating Backdoors in Cisco IOS using Tcl
Date: Tue, 27 Nov 2007 10:48:39 -0000
Message-ID: <7B01ACCEDD4FFE48B12A55E2DB16A93026C6FD@dccheltenham.local.irmplc.com.>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Creating Backdoors in Cisco IOS using Tcl
Thread-Index: Acgw4xIcm5cJ42aqR1SYc5f0X1GvDA==
From: "IRM Research" <research@irmplc.com.>
To: <bugtraq@securityfocus.com.>, <full-disclosure@lists.grok.org.uk.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
Tcl (Tool Command Language) is a scripting language used extensively in
embedded systems, which is easy to use and has some powerful features.
The language has been supported by Cisco IOS for some time now and is
used, for example, in IOS IVR configuration as well as for automating
mundane tasks regularly performed by network administrators. This short
technical briefing describes a technique using Tcl to create a backdoor
within IOS that would allow a remote attacker to execute privileged
commands on a networking device. The document (which includes a
proof-of-concept Tcl script) can be downloaded here:
http://www.irmplc.com/index.php/153-Embedded-Systems-Security
