command/line interface
also, look at quote() inside ./include/command.php:
..
// {{{ quote
//
// Quote a string to send to the command line
function quote($str) {
global $config;
if ($config->serverIsWindows) {
How To Determine The Running Software Version
+--------------------------------------------
To determine whether a vulnerable version of Cisco ASA Software is
running on an appliance, administrators can issue the "show version"
command-line interface (CLI) command. The following example shows a
Cisco ASA 5500 Series Adaptive Security Appliance that is running
software version 8.0(4):
ASA#show version
Cisco Adaptive Security Appliance Software Version 8.0(4)
Windows NT Domain authentication may be vulnerable. Devices that are
using any other type of external authentication (that is, LDAP, RADIUS,
TACACS+, SDI, or local database) are not affected by this vulnerability.
The following example demonstrates how Windows NT domain authentication
is configured using the command line interface (CLI) on the Cisco ASA:
aaa-server NTAuth protocol nt
aaa-server NTAuth (inside) host 10.1.1.4
nt-auth-domain-controller primary1
* Cisco Network Registrar
All Cisco Network Registrar versions are affected, and DNS services
are enabled by default.
The DNS server on CNR is enabled via the command-line interface
(CLI) commands "server dns enable start-on-reboot" or "dns enable
start-on-reboot" or via the web management interface in the Servers
page by selecting the appropriate "Start," "Stop," or "Reload"
button.
- The server validates the user before asking for a password, thus we
can keep trying usernames until we get a password prompt.
- A Proof of Concept has been created:
--- command line output begin ---
[waKKu@localhost: codes] # ./totvs_users_enumerator.py -h
usage: totvs_users_enumerator.py [options] [filename]
-h for help
options:
+------------------
This vulnerability affects Cisco MXE 5600 units that are running
Cisco Media Processing Software releases prior to 1.2. To determine
the software release that is running on a Cisco MXE unit, log in to
the device and issue the show version command-line interface (CLI)
command to display the system banner. The following example shows a
Cisco MXE 5600 device running software version 1.2.0-34.
mxe# show version
------------------------------------------------------------
> Quick calculator session :
> 2^(-18) = 0.000003814697265625
> 2^(-14) = 0.00006103515625
>
> So there is a vanishingly small probability that a Bad Guy may
> discover less than 2 characters from my command-line, every time they
> try this attack. And each time they fail, my connection gets rudely
> chopped. Two characters won't help them much. They'd need to succeed
> about ten times per typed command-line to snoop on most of my
> sessions. This weakness is surely of no conceivable use to a Bad Guy
> ?
This vulnerability affects the Cisco AVS 3110, 3120, 3180, and 3180A
Management Station appliances that are running software versions prior
to AVS 5.1.0. Administrators can determine the software version of the
AVS appliances by logging in to the Management Station web-based user
interface or from the command-line interface (CLI) of the appliance
operating system.
Customers who use the AVS 3180 or 3180A Management Station can determine
their node software versions by navigating to the Cluster Information
Page. Each registered node will display the corresponding software
1. Stop the Operations Manager for Windows console and its additional binaries, such as node editor.
2. From a command prompt, backup %OvInstallDir%\bin\srcvw4.dll
3. From a command prompt, copy OMW60_srcvw4.dll into %OvInstallDir%\bin\srcvw4.dll
4. Verify that %OvInstallDir%\bin\srcvw4.dll is now v4.0.1.2
Note: Steps 2 and 3 above must be performed from the Windows command line, not from Windows Explorer.
For Operations Manager for Windows v7.5
Verify the version of srcvw32.dll currently installed
Vulnerable Products
+------------------
To determine the software version that is running on a Cisco Content
Delivery Engine, log in to the device and issue the show version
command-line interface (CLI) command to display the system banner.
Cisco CDS Internet Streamer software will identify itself as "Content
Delivery System Software Release". On the same line of output, the
version number will also be provided. This example identifies a Cisco
Content Delivery Engine that is running Cisco Content Delivery System
software release 2.5.9 build 5:
Administrators of systems running all Cisco Unified Presence versions
can determine the software version by viewing the main page of the
Cisco Unified Presence Administration interface. The software version
can be determined by running the command show version active via the
Command Line Interface (CLI).
Products Confirmed Not Vulnerable
+--------------------------------
No other Cisco products are currently known to be affected by these
RESOLUTION
The vulnerability can be resolved by the following procedure:
Disable the array's HTTP and HTTPS network management services (Note: This will also disable all management access from a Web browser. Array management access may be maintained via Command Line Interface [CLI].) Use the instructions outlined in the Workaround section below to disable the HTTP and HTTPS network management services.
Install TS230P008 firmware as soon as possible. If the HTTP and HTTPS network management services have been previously disabled, the services may be re-enabled as the issue is fully resolved in TS230P008 firmware.
TS230P008 firmware installation and workaround instructions:
References: http://www.devtarget.org/mcafee-advisory-08-2007.txt
III - OVERVIEW
McAfee Virus Scan for Linux and Unix is a command-line version of the
popular McAfee anti-virus scanner running on the Linux operating system
as well as on other Unices (e.g. AIX, Solaris, HP-UX etc.). It was
discovered that the product is prone to a classic buffer overflow
vulnerability when attempting to scan files or directories with a
particularly long name. This vulnerability results in the local
$(RFIDIOtconfig_opts)
./RFIDIOtconfig.opts
/etc/RFIDIOtconfig.opts
options should be specified on the first line as if typed on the
command line, e.g.
-s 9600 -l /dev/ttyUSB0
command line options will take precedence over this file.
operation, and multiplexing.
When TCP connections are terminated in Cisco IOS Software, they are
allocated a transmission control block (TCB). All allocated TCBs,
associated TCP port numbers, and the TCP state are displayed in the
output of the "show tcp brief all" command-line interface (CLI) command.
Cisco IOS Software version 15.1(2)T contains a vulnerability that could
cause an embryonic TCP connection to remain in SYNRCVD or SYNSENT
state without a further TCP state transition. Examining the output of
the "show tcp brief all" command multiple times will indicate if TCP
The main window of the AClient GUI has a hidden button that
can be seen using a resource viewer such as MS Spy++. The
button has a caption of "command prompt".
Clicking this button causes the GUI to attempt to call
CreateProcess() with the following CommandLine parameter.
"c:\Program Files\Altiris\AClient\cmd.exe"
The AClient GUI also has a ListView control which can be
which can be used to overwrite process memory. Using the
ListView, it is possible to overwrite a static pointer
http://www.kvirc.net/?lang=en
description:
"KVIrc is a Multilanguage, graphical IRC-Client for Windows, Linux, Unix and Mac
OS.[..]"
A command line parsing vulnerability exists (or I should say persists...:
http://secunia.com/advisories/25740, fixed or not?) which can be exploited by
passing the '"' char followed by command line switches to 'irc:///', 'irc6:///',
'ircs:///' and 'ircs6:///' urls, ex. this shows the argument list:
irc:///"%20--help%20"
The most interesting one is the -e switch followed by 'run' command, this runs
MYSQL COMMAND-LINE CLIENT HTML INJECTION VULNERABILITY
Thomas Henlich <thomas@henlich.de>
DESCRIPTION
The mysql command-line client does not quote HTML special characters
like < in its output. This allows an attacker who is able to write data
into a table to hide or modify records in the output, and to inject
potentially dangerous code, e. g. Javascript to perform cross-site
...
!
service-policy global_policy global
To determine the version of Cisco FWSM Software that is running, issue
the "show module" command-line interface (CLI) command from Cisco IOS
Software or Cisco Catalyst Operating System Software to identify what
modules and sub modules are installed on the system.
The following example shows a system with a Cisco FWSM (WS-SVC-FWM-1)
installed in slot 2:
Tandberg.com, and is no longer available for download. The deferral
notice can be found at the following link: Software Deferral Notice
Administrators can determine the version of software running on their
device by logging in to the command-line interface (CLI) as the admin
user and issuing the xstatus systemunit command and finding the
SystemUnit Software Version field.
Example:
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/bin/php -r '$nx=new Tidy("*");$nx->diagnose();'
[Thread debugging using libthread_db enabled]
PHP Warning: tidy::__construct(): Cannot Load '*' into memory in Command line code on line 1
Program received signal SIGSEGV, Segmentation fault.
0x00007fffedfaff87 in prvTidyReportMarkupVersion ()
from /usr/lib/libtidy-0.99.so.0
-PoC---
software-only versions of the product.
The following methods can be used to determine which version of the
Cisco Secure ACS is installed:
* From the Cisco Secure ACS command-line interface (CLI), issue the
"show version" command, as shown in the following example:
acs51a/admin# show version
Cisco Application Deployment Engine OS Release: 1.2
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mpc.html
To determine whether you are running a vulnerable version of Cisco PIX
or ASA software, issue the show version command-line interface (CLI)
command. The following example shows a Cisco ASA Security Appliance that
runs software release 7.2(3):
ASA#show version
After almost a year of intensive development and internal use, we are
pleased to announce the public release of Immunity Debugger v1.0.
When we started developing Immunity Debugger our main objective was to
combine the best of the commandline based and GUI based debugger worlds.
The commandline because most of us come from a UNIX background, and it
just ends up being more efficient than clicking your way around. The GUI
because we understand that we are visual beings that often can
grasp more from a single look at a graphical layout than from two days
of x/x-ing memory pages.
If supported by the server's configuration, fetchmail can be run in
ssl-wrapped rather than starttls mode. To that extent, the "ssl sslproto
ssl3" option must be configured (possibly replacing sslproto tls1 where
configured) to the rcfile, or "--ssl --sslproto ssl3" can be given on
the command line (where it applies to all poll configurations).
It is generally also advisable to enforce SSL certificate validation, by
either using --sslcertck on the command line, or using sslcertck in a
"default" configuration entry of the rcfile, or using sslcertck in
each of the relevant individual poll descriptions of the rcfile.
Symantec has reviewed the issue that was reported with smc.exe crashing from the command line. We have confirmed that an improperly formatted command line can cause the user mode process to crash. However, the privileged service process is unaffected. The client machine maintained full protection. Symantec will supply an update to prevent the command line tool from crashing in a future release.
bypass. The following commands modify the RADIUS configuration line
file and restart the RADIUS daemon to read the new configuration
file.
The configuration file may be modified by running the following
command from the command-line interface (CLI) of the device:
# cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.orig
# sed -i 's/php -f/php/g' /etc/raddb/radiusd.conf
# service radiusd restart
- It replaces Arpwatch & co; ArpON blocks;
- It detects and blocks Arp Poisoning/Spoofing attacks in statically configured networks;
- It detects and blocks Arp Poisoning/Spoofing attacks in dynamically configured (DHCP) networks;
- It detects and blocks unidirectional and bidirectional attacks;
- It manages the network interface into unplug, boot, hibernation and suspension OS features;
- Easily configurable via command line switches, provided that you have root permissions;
- It works in userspace for OS portability reasons;
- Tested against Ettercap, Cain & Abel, dsniff and other tools.
Links: