Creating Backdoors in Cisco IOS using Tcl

From: "IRM Research" <research@xxxxxxxxxx>
Date: Tue, 27 Nov 2007 10:48:39 -0000

Tcl (Tool Command Language) is a scripting language used extensively in
embedded systems, which is easy to use and has some powerful features.
The language has been supported by Cisco IOS for some time now and is
used, for example, in IOS IVR configuration as well as for automating
mundane tasks regularly performed by network administrators. This short
technical briefing describes a technique using Tcl to create a backdoor
within IOS that would allow a remote attacker to execute privileged
commands on a networking device. The document (which includes a
proof-of-concept Tcl script) can be downloaded here:

http://www.irmplc.com/index.php/153-Embedded-Systems-Security

Follow-Ups:
- Re: [Full-disclosure] Creating Backdoors in Cisco IOS using Tcl
  - From: Nicolas FISCHBACH

Prev by Date: [USN-545-1] link-grammar vulnerability
Next by Date: [USN-546-1] Firefox vulnerabilities
Previous by thread: [USN-545-1] link-grammar vulnerability
Next by thread: Re: [Full-disclosure] Creating Backdoors in Cisco IOS using Tcl
Index(es):
- Date
- Thread

Relevant Pages

[Full-disclosure] Creating Backdoors in Cisco IOS using Tcl
... Tcl (Tool Command Language) is a scripting language used extensively in ... technical briefing describes a technique using Tcl to create a backdoor ...
(Full-Disclosure)
Re: OO in the Tcl core [Was: Re: ITcl 3.3
... (none of them was a scripting language). ... Some (like Java) failed. ... Tcl did, I think; applications like SourceNavigator, Insight or RamDebugger ... I don't think Tcl would be the most popular scripting language, ...
(comp.lang.tcl)
Re: Project size
... Besides Tcl the languages I am fluent in are Pascal, ... Everybody has a limit (LOC is not everything ... scripting language, than all I wrote above is moot and beside the ... It's true for me, though, since Tcl is the only scripting language I ...
(comp.lang.tcl)
New mini-language
... Has anyone written a small scripting language on top of Tcl in order to ... give the user some ability to write short scripts on their own? ...
(comp.lang.tcl)
Re: Obstacles for Tcl/Tk commercial application development ?
... And once I put an integer into a variable in Tcl, it stays an integer until I assign something else to that variable. ... Usually, when I code, I know the language well enough to know what types the expressions return, so I don't wind up with the wrong types in variables. ... It takes a char* as the second argument, not a pointer to the structure you're trying to write out. ... If I expect my code to pass me an open file handle, and I pass that argument to and it throws, I'm going to catch that error at the top level, log the stack trace back, clean up, and restart the processing. ...
(comp.lang.tcl)