
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-09-08



After 24 hours of fun we are back online!

Published: 2005-09-08
Last Updated: 2005-09-09 12:41:23 UTC
by Dan Goldberg (Version: 1)
The main circuit which supports the web site, mail and a handful of other services went down yesterday for 90 minutes. After it came back up there were continual errors on the line that interfered with maintaining established TCP connections -- ICMP/UDP seemed to still work OK. Some work on one end of a lengthy coax cable run seemed to turn the trick and get things back up. So "We're back!"

Cisco content switch SSL vulnerability

Published: 2005-09-08
Last Updated: 2005-09-09 12:39:33 UTC
by Dan Goldberg (Version: 1)
Cisco announced a vulnerability in the 11500 and 11501 content switches with the optional SSL module.
http://www.cisco.com/warp/public/707/cisco-sn-20050908-css.shtml

The scope appears to be limited. You must be using certificate authentication and the CSS must be the SSL server. In the affected cases, if SSL fails to renegotiate a session at the appropriate time, it may be possible to bypass authentication. Those using SSL are strongly encouraged to upgrade as soon as possible.

Major Cisco IOS Vulnerability Announced

Published: 2005-09-08
Last Updated: 2005-09-08 15:44:56 UTC
by John Bambenek (Version: 2)
Cisco announced today there is a buffer overflow in the Firewall Authentication Proxy of Cisco IOS that can be used for a denial of service attack.  Cisco's advisory is here.

The affected versions of Cisco IOS are 12.2ZH, 12.2ZL, 12.3, 12.3T, 12.4, and 12.4T (all versions).  The vulnerability will not affect devices that are not configured for Firewall Authentication Proxy for FTP or Telnet Sessions.  There is a rather large table of remediation options that is included with Cisco's advisory.  FrSIRT and Symantec have this listed as a high risk alert.  Either turn off the authentication proxy or patch your devices as soon as possible.
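
To triage a device against the two conditions above (a listed release train, and Authentication Proxy in use for FTP or Telnet), the following added example, which is not from the diary or from Cisco, audits saved `show version` and `show running-config` text. It assumes that a bare "12.3" or "12.4" in the list means the mainline train and that a rule only counts once it is applied to an interface; the function name `audit` and the sample device text are constructed for illustration.

```python
import re

# Release trains the diary lists as affected ("all versions" of each).
# Assumption: bare "12.3"/"12.4" means the mainline train (empty suffix).
AFFECTED_TRAINS = {("12.2", "ZH"), ("12.2", "ZL"), ("12.3", ""),
                   ("12.3", "T"), ("12.4", ""), ("12.4", "T")}
VERSION_RE = re.compile(r"Version (\d+\.\d+)\(\d+[a-z]?\)([A-Z]*)")
# Global rule definition: ip auth-proxy name <rule> {ftp|http|telnet} ...
RULE_RE = re.compile(r"ip auth-proxy name (\S+) (ftp|http|telnet)\b", re.I)
# Interface sub-command that applies a rule: ip auth-proxy <rule>
APPLY_RE = re.compile(r"\s+ip auth-proxy (?!name\b)(\S+)\s*$", re.I)

def audit(show_version, running_config):
    m = VERSION_RE.search(show_version)
    train = (m.group(1), m.group(2)) if m else None
    rules, applied, iface = {}, {}, None
    for line in running_config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif not line.startswith(" "):
            iface = None          # left the interface block
        d, a = RULE_RE.match(line), APPLY_RE.match(line)
        if d:
            rules.setdefault(d.group(1), set()).add(d.group(2).lower())
        if a and iface:
            applied[iface] = a.group(1)
    # Only FTP and Telnet proxying matter here; HTTP-only rules are ignored.
    exposed = {}
    for ifname, rule in applied.items():
        protos = sorted(rules.get(rule, set()) & {"ftp", "telnet"})
        if protos:
            exposed[ifname] = protos
    listed = train in AFFECTED_TRAINS
    return {"train": train, "train_listed": listed,
            "exposed_interfaces": exposed,
            "action_needed": listed and bool(exposed)}

# Constructed sample input, not taken from a real device.
SAMPLE_VERSION = "Cisco IOS Software, 3700 Software (C3725-ADVSECURITYK9-M), Version 12.3(14)T2, RELEASE SOFTWARE (fc1)"
SAMPLE_CONFIG = """\
ip auth-proxy name FTPPROXY ftp
ip auth-proxy name WEBPROXY http
!
interface FastEthernet0/0
 ip auth-proxy FTPPROXY
!
interface FastEthernet0/1
 ip auth-proxy WEBPROXY
"""

if __name__ == "__main__":
    print(audit(SAMPLE_VERSION, SAMPLE_CONFIG))
```

A release on a train the list does not name returns `train_listed: False`; check it against the remediation table in Cisco's advisory rather than treating it as safe.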