Cisco is back, so you can go read up on their new advisories (<--- See! English)
Here they are:
1: Cisco Security Advisory: Cisco IOS Secure Copy Authorization Bypass Vulnerability
2: Cisco Security Advisory: Cisco IOS Next Hop Resolution Protocol Vulnerability
3: Cisco Security Advisory: Cisco IOS Information Leakage Using IPv6 Routing Header
4: Cisco Security Advisory: Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager
Issue 1:
IOS has the capability to act as an SCP server (through the addition of the IOS Secure Copy Server service). There is a flaw in this service that allows any valid user to access any file on the Cisco device (including device configuration files).
Issue 2:
There is an issue with Cisco's implementation of the Next Hop Resolution Protocol (NHRP) that could potentially cause a device restart or (possibly) code execution on the device. The issue affects NHRP running at all layers (Layer 2, GRE / mGRE, or at the IP layer).
Issue 3:
Specially crafted IPv6 packets with a type 0 routing header can cause information leakage or a crash of the affected IOS or IOS XR devices.
Issue 4:
There are voice-related vulnerabilities in multiple protocols [Session Initiation Protocol (SIP), Media Gateway Control Protocol (MGCP), Signaling protocols H.323, H.254, Real-time Transport Protocol (RTP), and Facsimile reception]. These issues affect IOS (if voice services are enabled), and one (SIP related) is found in Cisco Unified Communications Manager.
Mitigating issues:
1: Not much... user needs a login, but after that, it's pretty much game-over.
2: Layer 2 only... attacker needs to be on the same link
3: Only the IPv6 subsystem crashes... IPv4 appears (from the advisory) to still function
4: Uh... not much... patch this 'un now.. The others can potentially wait for testing, this one can't.
If you're doing VoIP stuff w/Cisco hardware, then Issue #4 is a definite must-do... other than that, prioritizing these is difficult because they all are very "configuration-centric." Sorry...
Sheesh...
Ok... for a little fun, I used some pithy Latin sayings as titles for today's diaries... my thought was that perhaps (perhaps!) it might be nice to... broaden some people's horizons. I was obviously mistaken.
Bad handler... baaaaaaaaaaaaaad handler.... no donut!
Diligentia maximum etiam mediocris ingeni subsidium
It appears that someone has kicked the big red Ethernet cable out of the wall over at Cisco. Currently, attempts to reach their website fall a few hops short. We'll update if we hear anything...
Update: They're baaaaaaaaaaaaaack... The best word we have is that Cisco was having an "issue" that was not attributable to anything "evil." Personally, I'm sticking with my "someone tripped over the Ethernet cable" explanation, 'cause it sounds plausible...
Bis interimitur qui suis armis perit
Rick wrote in with a log snippet showing someone out there actively scanning his webserver for an installation of horde:
2007-08-08 05:49:33 xxxxxx XXXXXXX 192.168.aaa.aaa GET /horde/README
2007-08-08 05:49:32 xxxxxx XXXXXXX 192.168.aaa.aaa GET /README
2007-08-08 05:49:32 xxxxxx XXXXXXX 192.168.aaa.aaa GET /Horde/README
2007-08-08 05:49:32 xxxxxx XXXXXXX 192.168.aaa.aaa GET /horde-3.0.9/README
2007-08-08 05:49:31 xxxxxx XXXXXXX 192.168.aaa.aaa GET /horde3/README
2007-08-08 05:49:31 xxxxxx XXXXXXX 192.168.aaa.aaa GET /horde2/README
2007-08-08 05:49:45 xxxxxx XXXXXXX 192.168.bbb.bbb GET /Horde/README
2007-08-08 05:49:45 xxxxxx XXXXXXX 192.168.bbb.bbb GET /horde-3.0.9/README
2007-08-08 05:49:45 xxxxxx XXXXXXX 192.168.bbb.bbb GET /horde3/README
2007-08-08 05:49:45 xxxxxx XXXXXXX 192.168.bbb.bbb GET /horde2/README
My guess: they're looking to find boxes to exploit with CVE-2006-1491
If you're using horde, make sure that the version you're running is up-to-date. Not running horde? Make sure: horde is one of those things that admins will often install to "try it out..." You might want to take a quick look around, just to be sure. Nothing worse than getting whacked by your own tools...
Anyone else seeing scanning like this?
(Also, if you haven't picked up on the diary title drift yet, your kindly narrator has decided to try to class the joint up a bit... Anyone know the source of that quote?)
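One way to pick this pattern out of web logs automatically, as an added Python example that is not from the diary or from Rick: it parses lines in the field layout shown above and flags any client that requested README under several distinct Horde-style paths. The log lines and IP addresses in it are constructed (documentation ranges), and the field names are assumptions.

```python
import re
from collections import defaultdict

# Field layout assumed from the snippet above: date time <site> <server> client-ip method uri
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \S+ \S+ "
    r"(?P<client>\S+) (?P<method>[A-Z]+) (?P<uri>\S+)"
)

# Paths a Horde version probe touches: README at the web root or under any horde-ish directory
HORDE_README_RE = re.compile(r"^/(?:horde[^/]*/)?README$", re.IGNORECASE)


def parse_line(line):
    """Split one log line into its fields, or return None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_horde_probes(lines, threshold=3):
    """Return {client_ip: [uris]} for clients that fetched README under at least
    `threshold` distinct Horde-style paths. A single /README hit is too weak a
    signal on its own, so the threshold counts distinct paths per client."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "GET" and HORDE_README_RE.match(rec["uri"]):
            hits[rec["client"]].add(rec["uri"])
    return {ip: sorted(uris) for ip, uris in hits.items() if len(uris) >= threshold}


# Constructed sample lines modelled on Rick's snippet (IPs are documentation addresses)
SAMPLE_LOG = """\
2007-08-08 05:49:33 site1 WEB01 192.0.2.10 GET /horde/README
2007-08-08 05:49:32 site1 WEB01 192.0.2.10 GET /README
2007-08-08 05:49:32 site1 WEB01 192.0.2.10 GET /Horde/README
2007-08-08 05:49:32 site1 WEB01 192.0.2.10 GET /horde-3.0.9/README
2007-08-08 05:49:31 site1 WEB01 192.0.2.10 GET /horde3/README
2007-08-08 05:49:45 site1 WEB01 198.51.100.7 GET /horde2/README
2007-08-08 05:50:01 site1 WEB01 203.0.113.5 GET /index.html
2007-08-08 05:50:02 site1 WEB01 203.0.113.5 GET /readme.txt
""".splitlines()

if __name__ == "__main__":
    for ip, uris in find_horde_probes(SAMPLE_LOG).items():
        print(f"{ip} probed {len(uris)} Horde README paths: {', '.join(uris)}")
```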
Quis custodiet ipsos custodes?
It appears that several forensics tools are seeing some... ahem... "attention" of late. Both the commercial tool "EnCase" by Guidance Software and the Open Source tool "The Sleuth Kit" saw a slew of CVEs filed yesterday.
EnCase:
CVE-2007-4194 (v 5.0)
CVE-2007-4201 (v 6.2 and 6.5)
CVE-2007-4202 (v EEE 6)
The Sleuth Kit (v <2.09):
CVE-2007-4195
CVE-2007-4196
CVE-2007-4197
CVE-2007-4198
CVE-2007-4199
CVE-2007-4200
Issues mainly seem to be in the parsing of various malformed or specially created files/filesystem images.