CSCur59696 - Vulnerability in IOS.sh and40;shell

Similar Messages

• CSCur27617 - AnyConnect vulnerable to POODLE attack and40;CVE-2014-3566

  Hello to all
  In CSCur27617 ist stated:
  Known Affected Releases:(1)3.1(5178)
  We are currently deploying 3.0.4235-k9
  Since this Vulnerability uses the SSL channel paralell to IPSec,
  I expect that 3.0.4235-k9 ist affected also.
  Ist this correct?
  Thanks Ernie

  Firmware 1.05.36 of MyCloud Mirror fixed that: http://community.wd.com/t5/WD-My-Cloud-Mirror/New-Release-My-Cloud-Mirror-Firmware-Release-1-05-36-7-8-2015/td-p/886778

• CSCus68591 - Assess GHOST vulnerability for Nexus 5k and40;CVE-2015-0235

  Good afternoon
  My question is:
  Nexus switches I manage for some customers have NX-OS version 7.0(5)N1(1).
  This version is not presented in bug link https://tools.cisco.com/bugsearch/bug/CSCus68591 as known affected.
  However, neither 7.0(5) is presented as fixed trailer. Only 7.0(6), not available for download yet.
  What should I do regarding this?...Consider 7.0(5)N1(1) affected or not?
  Regards
  Christian

• Vulnerability fixed by iOS 7.0.6

  iPhone 4s IOS 7.0.6
  ok so from what I'm reading the vulnerability supposedly fixed by iOS 7.0.6 also included the possibility of mlaware being injected into the phone?
  So all the while people are saying iPhones cant be infected, they inded could have been?
  Just trying to understand

  Whether malware could actually be installed is open to debate, but probably not. The largest risk is having email and other SSL traffic intercepted. A fix was definitely needed, but the tech press is blowing this a bit out of proportion. Even with this vulnerability, and iOs device would still be more secure than most Android and windows devices.

• OSX and iOS bug breaks SSL

  This type of massive security lapse by Apple does make me question why I've been going to all the hassle and expense of running an OSX, SSL only, family email server for the last few years.
  http://www.crowdstrike.com/blog/details-about-apple-ssl-vulnerability-and-ios-70 6-patch/index.html
  http://www.theregister.co.uk/2014/02/21/apple_patches_ios_ssl_vulnerability/
  IOS update available but no OSX update yet.
  https://support.apple.com/kb/HT6147

  Here is a simple shell script that will automate this for you. Copy the conent into a file named wififixer.sh (as an example). The from a terminal window you can run it as:
  $ sh wififixer.sh
  The code:
  #!/bin/sh
  # This code is being released to Public Domain.
  # THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  # ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  # SUCH DAMAGE.
  # The purpose of this program script is to find the default gateway
  # and continuously ping it every 15 seconds, in order to workaround
  # Apple's BUG in their Wifi (AES) framework/driver, where Wifi
  # connectivity is lost without continuous packet exchange.
  # This BUG has been persistent in iOS 6 onward. It was also introduced
  # with release of MacOS Mavericks 10.9.x.
  # Reference: https://discussions.apple.com/message/24119041#24119041
  # Find out IPv4 default gateway in route table.
  gw=`netstat -rnfinet | grep default | awk '{print $2}'`
  # If not found in route table, print message and exit.
  test -z "${gw}" && echo "No (default) Gateway found." && exit 1
  # ping the gateway every 15 seconds
  ping -i 15 ${gw}

• Recent Safari vulnerability patch

  Obviously most people have heard about the recent PDF rendering vulnerability in iOS, including 4.
  My question is, are those folks still running 3.1 (i.e. those that don't want 4, or can't have 4) going to get the patch too, or are we left with our butts flappin' in the wind?
  I haven't found any specifics on the net as to whether or not they're going back to 3 for security patches. I sure hope so. I'm not psyched about buying a whole new iPod touch just for a security patch, when my Gen1 works perfectly fine otherwise.

  It affects the iPad running iOS 3.2.1 so it seems likely that it affects 3.1.x users as well. The fact that the jailbreaking code doesn't work on 3.1 doesn't mean the underlying vulnerabilities that code leverages don't exist on the earlier versions of the OS as well. Unfortunately Apple haven't said whether they need to, or intend to, patch earlier versions of iOS. As a 1G iPod touch user I sure wish they would.
  Now that the exploit code has been released publicly it is critical users of iOS 3.1.x know where they stand.
  Message was edited by: David Shanahan

• Is there really a virus on apple products

  I heard on the news that there is virus with apple products

  It sounds like you misunderstand.
  There was a security vulnerability in ios  that has been corrected with the latest update.

• ASA/Router Exec Authorization

  Hello Everyone,
  After a user is authenticated using  TACACS+, he/she must be authorized to access the IOS or ASA shell.  However, when i just configured authentication (without authorization),  the user can still access the level 15 shell after authentication by  simply typing the "enable" command if he/she knows the enable password.  Then, What Exec authorization really does? .. Also, when we say Exec  Authorization, does it mean user-exec or privilege-exec?
  Thx for your help.
  AM

  Hi there,
  The behavior is different if this command is used in IOS or ASA, for example let's say that you have configured this command in your router "aaa authorizzation exec default group tacacs+", if you SSH/Telnet to this router than after entering the username/password you will be placed in privilege mode "#" if after retrieving the privilege level it's higher than 2, so you will be skipping the "enable" prompt.
  But the syntax of this command is a little bit different in an ASA.and the behavior also changes, first of all you cannot skip the "enable" prompt in your ASA because this is a security device and this prompt is mandatory:
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml
  "Note:
  The Cisco Security Appliances (ASA/PIX) does not currently allow the           user to be placed directly into the enable mode during login. The user must           manually enter into the enable mode."
  So in an ASA you won't be able to skip the "enable" prompt, so what it will do is just to retrieve the privilege level or Service-level value assigned to the user, there are multiple values like "Administrative" which is similar to privilege 15, or "NAS prompt", "Outbound", etc.
  Each of these values has a different purpose, for further details check below:
  http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mgaccess.html#wp1070306
  Hope I could have provided you some light into this situation.

• VPN OS 10.2.1 non BES

  Hello, I have a Q10 with BB OS 10.2.1.2102. I do not have BES, but is connected to the server (Windows SBS 2011) with Activesync. I can not understand what is the correct configuration of the Q10 for the VPN connection. I state that I have no other devices connected with VPN (PC, IOS, etc..) And none of them have had problems connecting to the VPN. (The parameters for IOS using the shell are: VPN Type: PPTP Proxy: No, No Coding).
  Thanks Simone

  Yep, known issue (at least by some of us users) and I am not completely sure if BlackBerry knows.
  *edit* oops, I see now you're posting in regard to BES activated devices. It works in the same manner for non-BES devices as well.
  1. If any post helps you please click the below the post(s) that helped you.
  2. Please resolve your thread by marking the post "Solution?" which solved it for you!
  3. Install free BlackBerry Protect today for backups of contacts and data.
  4. Guide to Unlocking your BlackBerry & Unlock Codes
  Join our BBM Channels (Beta)
  BlackBerry Support Forums Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• Will there be a security fix for my Mac ?

  Will there be a security fix for my iMac ?

  http://www.crowdstrike.com/blog/details-about-apple-ssl-vulnerability-and-ios-70 6-patch/index.html
  Recommendations
  Update your Apple devices and systems as soon as possible to the latest available versions. Do not use untrusted networks (especially WiFi) while traveling, until you can update the devices from a trusted network. On unpatched mobile and laptop devices, set “Ask to Join Networks” setting to OFF, which will prevent them from showing prompts to connect to untrusted networks.

• No_easy_shell.tcl question

  The situation is the following. I've downloaded the Cisco Embedded Automation Systems  Installer from the offical site
  http://www.cisco.com/en/US/prod/iosswrel/ps6537/ps6555/ps10777/eas_sol_downloads.html
  I copied it on one test system running IOS version 12.4(15)T15. Than I've downloaded the Remote Command Shell
  http://www.cisco.com/assets/cdc_content_elements/docs/ios/eas/easy-shell.tar and just followed the instructions by the installer script. No issues there, the installation script has created alias for me and some additional directories on the flash.
  Where's the issue, I can't start the Remote Command Shell script, or no_easy_shell.tcl as is the name of the TCL script.
  I looked at the code and in the very beginning there's an example:
  # This policy executes a specified "shell" script of commands on a remote
  # device or the local device.  Run the command:
  # event manager run no_easy_shell.tcl --help
  # For a list of options.
  But when I try this I get an error:
  SEC_BB3#event manager run no_easy_shell.tcl --help
                                                                        ^
  % Invalid input detected at '^' marker.
  When I execute the script wihout any arguments ather than the batch file which contains only one command "show running-config" I get the following output:
  SEC_BB3#event manager run no_easy_shell.tcl
  DEBUG: Trying to open batch file flash:/COMMANDS for reading.
  can not find channel named "show running-config"
      while executing
  "close $result"
      invoked from within
  "$slave eval $Contents"
      (procedure "eval_script" line 7)
      invoked from within
  "eval_script slave $scriptname"
      invoked from within
  "if {$security_level == 1} {       #untrusted script
       interp create -safe slave
       interp share {} stdin slave
       interp share {} stdout slave
      (file "tmpsys:/lib/tcl/base.tcl" line 50)
  Tcl policy execute failed: can not find channel named "show running-config"
  But still I can't use any of the options mentioned in the tcl code like: -h, -u, -p etc.
  My understanding is that this script runns any command that is put into the batch file and the commands will be executed either locally or with the options -h I can give a remote address where the commands should be executed, -u is for username, -p is for password etc. But, none of the options works... What I'm doing wrong here? I'm also not able to locate any reference or an example on how to correctly use the script...

  I just did that, here the result:
  SEC_BB3#easy_shell
  DEBUG: Trying to open batch file flash:/COMMANDS for reading.
  can not find channel named "show running-config"
      while executing
  "close $result"
      invoked from within
  "$slave eval $Contents"
      (procedure "eval_script" line 7)
      invoked from within
  "eval_script slave $scriptname"
      invoked from within
  "if {$security_level == 1} {       #untrusted script
       interp create -safe slave
       interp share {} stdin slave
       interp share {} stdout slave
      (file "tmpsys:/lib/tcl/base.tcl" line 50)
  Tcl policy execute failed: can not find channel named "show running-config"
  SEC_BB3#show flash:
  -#- --length-- -----date/time------ path
  1     53619780 Sep 19 2013 12:37:10 +03:00 c2800nm-adventerprisek9_ivs-mz.124-15.T15.bin
  2           19 Oct 7 2013 18:57:42 +03:00 COMMANDS
  3        41087 Oct 9 2013 17:58:46 +03:00 no_easy_shell.tcl
  4            0 Oct 2 2013 19:28:56 +03:00 easy-shell
  5          452 Oct 2 2013 19:28:56 +03:00 easy-shell/contents
  6         2230 Oct 2 2013 19:28:56 +03:00 easy-shell/pkgconfig
  7          236 Oct 2 2013 19:28:56 +03:00 easy-shell/descr
  8          506 Oct 2 2013 19:28:58 +03:00 easy-shell/envvars
  9          262 Oct 2 2013 19:28:58 +03:00 easy-shell/uninstall
  10         114 Oct 2 2013 19:28:58 +03:00 easy-shell/message
  11          99 Oct 2 2013 19:28:58 +03:00 pkgdb
  12       45526 Oct 2 2013 19:20:24 +03:00 easy-installer-signed-1.5.tcl
  10231808 bytes available (53751808 bytes used)
  SEC_BB3#more flash:/COMMANDS
  show running-config
  SEC_BB3#
  SEC_BB3#show run | sec event manager
  alias exec easy_shell event manager run no_easy_shell.tcl
  event manager environment __easy_PREFIX flash:/
  event manager environment easy_shell_debug 1
  event manager environment easy_shell_timeout 36
  event manager environment easy_shell_alias easy_shell
  event manager environment easy_shell_batch_file flash:/COMMANDS
  event manager directory user policy "flash:/"
  event manager policy no_easy_shell.tcl type user
  SEC_BB3#

• Shellshock exploit targeting email gateways (ESAs)

  Could you please review the attack vector described in the below article:
  https://www.binarydefense.com/bds/active-shellshock-smtp-botnet-campaign/
  An active botnet is targeting email gateways by adding scripts in email fields like to, from, body etc.
  A vulnerable gateway will execute these scripts and download malware and make the gateway part of another botnet.
  Can you please let us know if our ESAs are good enough on these attacks?

  Cisco has issued an official PSIRT notice for the GNU Bash Environmental Variable Command Injection Vulnerability (CVE-2014-6271), please refer all inquiries to:
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
  Please refer to the expanded "Affected Products" for details on our products.
  Products Confirmed Not Vulnerable
  The following Cisco products have been analyzed and are not affected by this vulnerability: 
  Cisco IOS
  Cisco IronPort ESA/SMA
  Cisco Private Internet eXchange (PIX)
  Cisco Sourcefire Defense Center and Sensor products
  Complete information about reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco is available on Cisco.com at:
  http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html 
  This web page includes instructions for press inquiries regarding Cisco Security Advisories. All Cisco Security Advisories are available at:
  http://www.cisco.com/go/psirt

• HT6147 is iOS 6 subject to the same SSL/TLS vulnerability?

  The news is blaring warnings about using iPhones, iPads, and Macs on shared networks because of a problem with SSL/TLS.  Apple's releases make it clear that iOS7 and Mac OSX 10.9 and specifically vulnerable to this.
  3rd party sites suggest the vulnerability was introduced recently in iOS7 and Mac OSX 10.9, but do not specifically exempt iOS 6 versions, or Mac OSX 10.8 and earlier.
  I went on the gotofail.com test page with my Mac on 10.8.5, and it said my client wasn't vulnerable, but a link on that website did suggest Safari on MacOSX 10.9 was vulnerable to a "BEAST" attack.  Firefox was not.
  My iPhone's are still on iOS6 because they are 4S's and I didn't want to suffer slowdowns from excessive iOS7 overhead for new special effects.  However, there doesn't appear to be any mechanism for updating iOS6 if these are also subject to the same vulnerability.  One third party web site did suggest that a fix for iOS6 was in the works, but my phones only show the iOS 7.0.6 update in the general settings. There is no option for an iOS6 update without switching entirely to iOS7.
  What is the actual word from Apple?  Are iOS6 users and MacOSX 10.8 and earlier users SAFE?

  whidbeyben3 wrote:
  What is the actual word from Apple?  Are iOS6 users and MacOSX 10.8 and earlier users SAFE?
  iOS6 users -- Not safe.
  About the security content of iOS 6.1.6.
  About the security content of iOS 7.0.6.
  OS 10.8 users -- Safe.

• Cisco IOS XE is vulnerable to CVE-2014-0160 - aka Heartbleed CSCuo19730 on Cisco 4500E IOS XE?

  Hello Experts,
  I need to find out what exact IOS XE software version on Catalyst 4507E will affect by Heartbleed.
  Cisco WS-C4507R+E
  WS-X45-SUP7-E
  Thanks in advance.

  @apieper, looking at the bug details, it doesn't look like you are affected.
  Conditions:
  Cisco IOS XE devices running release 3.11.0S, 3.11.1S or 3.12.0S and with the WebUI interface over HTTPs enabled. No other versions of Cisco IOS XE are affected.
  Devices with the WebUI interface enabled and using HTTPs as transport protocol will include the following configuration:
  transport-map type persistent webui http-webui
  secure-server
  ip http secure-server
  transport type persistent webui input http-webui
  Devices running IOS XE release 3.11.0S, 3.11.1S or 3.12.0S but WITHOUT the WebUI interface enabled, or with the WebUI interface enabled but NOT using HTTPs as transport protocol are NOT AFFECTED by this vulnerability.
  Devices running IOS XE release 3.11.0S, 3.11.1S or 3.12.0S and with the HTTPs server enabled (by including in their configuration the line "ip http secure-server") are NOT affected. Both the HTTPs server and the WebUI interface need to be enabled for a device to be vulnerable.

• HT201393 how can I fix IOS 10.6.8. if vulnerable ?

  How can I fix IOS 10.6.8. if vulnerable to shellshock ?

  Further to the above, there is a possible fix posted on Macintouch: go to
  http://www.macintouch.com/readerreports/security/index.html#d01oct2014
  and scroll up to the last post on 30 September, from Jim Weisbin. See also the posts at the bottom of the page he links to,
  http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid -shellshock-the-remote-exploit-cve-2014-6271-an/146851
  Disclaimer: all this is outside my technical knowledge and I pass this on for information only. I can't offer any comment on its suitability; use at your own risk.