
Check incoming data. The root cause of the vulnerability and attacks on Cisco IOS


On Friday, April 6, 2018, a powerful attack on Cisco equipment began.

Much has been written about the main reason this attack succeeds: Cisco Smart Install service ports that are open to external networks.

These ports are open by default, and for the most part people leave whatever is configured or selected the way it was by default. As this case shows, that applies not only to home routers but also to serious equipment in large companies, where the price of a mistake is much higher.
When creating a system, you have no right to expect that default values that should be changed will actually be changed, and changed in the right direction.

You can force these values to be changed only by using techniques that restrict use, which many will not welcome. “Foolproofing” is one example of such enforced restrictions.

About the default selection
There is a 2003 study, “Do Defaults Save Lives?”, which includes a chart.

It shows that the number of those who are willing to participate in an organ donation program depends strongly on the choice made by default in the medical questionnaire.

I want to draw attention to the root of the vulnerability itself. The report contains this part:
A buffer overflow in the smi_ibc_handle_ibd_init_discovery_msg function occurs because, when data is copied into a fixed-size buffer, its size is not checked. Both the size of the data and the data itself are taken directly from the network packet.
That is, data received from outside is not checked for correctness.

I think this is the main reminder that needs to be made once again.

The programmer must validate data that comes from outside. No data entered into the system by a user (whoever or whatever they may be) can be trusted.
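
The pattern described above, as an added example that is not taken from the report or from Cisco's code: a hypothetical length-prefixed message is parsed once without checks and once with the declared length validated against both the bytes actually received and the fixed buffer. The wire format, function names and sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire format, constructed for this example (not Cisco's):
 * bytes 0..1 = big-endian length N, bytes 2.. = N bytes of field data. */
#define FIELD_BUF_SIZE 16   /* fixed-size destination buffer */
enum { PARSE_OK = 0, ERR_TRUNCATED = -1, ERR_TOO_LARGE = -2 };

/* Constructed sample packets. */
const uint8_t PKT_OK[]        = { 0x00, 0x03, 'a', 'b', 'c' };
const uint8_t PKT_BIG[2 + 17] = { 0x00, 0x11 };                /* 17 bytes, one too many */
const uint8_t PKT_LIE[]       = { 0x01, 0x00, 'a', 'b', 'c' }; /* claims 256, carries 3 */

/* Unchecked pattern: the length and the data both come straight from the
 * packet, so a declared length above FIELD_BUF_SIZE writes past dst. */
void parse_field_unchecked(const uint8_t *pkt, uint8_t *dst)
{
    size_t n = ((size_t)pkt[0] << 8) | pkt[1];
    memcpy(dst, pkt + 2, n);            /* no bound on n */
}

/* Checked version: validate the declared length against the bytes actually
 * received and against the destination capacity before copying anything. */
int parse_field_checked(const uint8_t *pkt, size_t pkt_len,
                        uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    if (pkt == NULL || dst == NULL || out_len == NULL || pkt_len < 2)
        return ERR_TRUNCATED;           /* length header is incomplete */
    size_t n = ((size_t)pkt[0] << 8) | pkt[1];
    if (n > pkt_len - 2)
        return ERR_TRUNCATED;           /* claims more data than was received */
    if (n > dst_cap)
        return ERR_TOO_LARGE;           /* would overflow the fixed buffer */
    memcpy(dst, pkt + 2, n);
    *out_len = n;
    return PARSE_OK;
}

int main(void)
{
    uint8_t buf[FIELD_BUF_SIZE];
    size_t n = 0;
    int ok = parse_field_checked(PKT_OK, sizeof PKT_OK, buf, sizeof buf, &n) == PARSE_OK
          && parse_field_checked(PKT_BIG, sizeof PKT_BIG, buf, sizeof buf, &n) == ERR_TOO_LARGE
          && parse_field_checked(PKT_LIE, sizeof PKT_LIE, buf, sizeof buf, &n) == ERR_TRUNCATED;
    return ok ? 0 : 1;                  /* 0 when every packet is classified as expected */
}
```

The checked version rejects the packet instead of truncating the copy, so a malformed message never reaches later processing in a partially parsed state.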

P.S. By the way, this function is itself an example of a programmer simply taking the default value from where it was available: the network packet.

Source: https://habr.com/ru/post/353020/

