IP Communications
Vulnerable Products
+------------------
All versions of Cisco Security Agent for Windows, either managed
or standalone, are affected. Agents that are running on Cisco IP
Communications application servers or agents on systems that are running
the Cisco Security Manager are examples of a standalone implementation.
Standalone agents are installed in the following Cisco IP Communications
products:
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
IPv6 is a new Internet Protocol, designed to replace (and avoid many of
the problems with) the current Internet Protocol (version 4). Many
properties of the FreeBSD IPv6 network stack can be configured via the
ioctl(2) interface.
II. Problem Description
Folks,
We're close to ship the IETF Internet-Draft "Security Assessment of
the Internet Protocol" for publication as an IETF RFC. The draft is
available at: http://tools.ietf.org/id/draft-ietf-opsec-ip-security-02.txt
FYI, this document is heavily based on the document "Security
Assessment of the Internet Protocol" that I wrote for CPNI a couple of
years ago, and that is available at:
http://www.cpni.gov.uk/Docs/InternetProtocol.pdf
Hello, folks,
The United Kingdom's Centre for the Protection of National Infrastructure
has just released the document "Security Assessment of the Internet
Protocol", on which I have had the pleasure to work during the last year or
so.
The motivation to produce this document is explained in the Preface of the
document as follows:
Hash: SHA256
Hello, folks,
We have published an IETF Internet-Draft entitled "Security Assessment of
the Internet Protocol version 4", which is heavily based on the "Security
Assessment of the Internet Protocol" that was recently released by the UK
CPNI (http://www.cpni.gov.uk/Products/technicalnotes/3677.aspx). The IETF
I-D is available at: http://www.gont.com.ar/drafts/ip-security/index.html
(and is also available at the IETF internet-drafts repository)
Infiltrated Networks Vulnerability Disclosure
TCP/IP is broken
Overview TCP/IP
Transmission Control Protocol/Internet Protocol is the basic
communication language or protocol of the Internet. It can also be used
as a communications protocol in a private network (either an intranet or
an extranet). When you are set up with direct access to the Internet,
your computer is provided with a copy of the TCP/IP program just as
every other computer that you may send messages to or get information
Folks,
In August 2008 the UK CPNI (United Kingdom's Centre for the Protection of
National Infrastructure) published the document "Security Assessment of the
Internet Protocol". The motivation of the aforementioned document is
explained in the Preface of the document itself. (The paper is available
at: http://www.cpni.gov.uk/Docs/InternetProtocol.pdf )
Once the paper was published by CPNI, I produced an IETF Internet-Draft
version of the same paper, with the intent of having the IETF publish
> Folks,
>
> In August 2008 the UK CPNI (United Kingdom's Centre for the Protection of
> National Infrastructure) published the document "Security Assessment
> of the
> Internet Protocol". The motivation of the aforementioned document is
> explained in the Preface of the document itself. (The paper is available
> at: http://www.cpni.gov.uk/Docs/InternetProtocol.pdf )
>
> Once the paper was published by CPNI, I produced an IETF Internet-Draft
> version of the same paper, with the intent of having the IETF publish
Hi Fernando,
to quote from your drafts:
> As part of the project "Security Assessment of the Internet Protocol
> version 6 (IPv6)" [CPNI-IPv6], we devised a number of techniques for
> circumventing the RA-Guard protection, which are described in the
> following sections of this document. These techniques, and the
> corresponding tools to assess their effectiveness, had so far been
> made available only to vendors, in the hopes that they could
Details
=======
SNMP defines a standard mechanism for remote management and
monitoring of devices in an Internet Protocol (IP) network.
There are three general types of SNMP operations: "get" requests to
request information, "set" requests that modify the configuration of
a remote device, and "trap" messages that provide a monitoring
function. SNMP requests and traps are transported over User Datagram
For Public Release 2008 March 26 1600 UTC (GMT)
Summary
=======
A device running Cisco IOS software that has Internet Protocol
version 6 (IPv6) enabled may be subject to a denial of service (DoS)
attack. For the device to be affected by this vulnerability the
device also has to have certain Internet Protocol version 4 (IPv4)
User Datagram Protocol (UDP) services enabled. To exploit this
vulnerability an offending IPv6 packet must be targeted to the
+-------------------------------------------------------------------+
| Product | Product | Common Services |
| | Version | Version |
|-----------------------------------+------------+------------------|
| CiscoWorks IP Communications | 1.0 | 3.0 SP1 |
| Operations Manager | | |
|-----------------------------------+------------+------------------|
| CiscoWorks IP Communications | 1.0 | 3.0 SP1 |
| Service Monitor | | |
|-----------------------------------+------------+------------------|
}
Packets of the following form are generated.
Internet Protocol, Src: 192.168.1.1, Dst: 192.168.1.2
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x04 (DSCP 0x01: Unknown DSCP; ECN: 0x00)
0000 01.. = Differentiated Services Codepoint: Unknown (0x01)
.... ..0. = ECN-Capable Transport (ECT): 0
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
The resolver is the part of libc that resolves hostnames (example.com) to
internet protocol (IP) addresses (192.0.2.1) and vice versa.
The inet_network() function returns an in_addr_t representing the network
address of the IP address given to inet_network() as a character string in
the dot-notation.
==========
The stunnel program is designed to work as an SSL encryption wrapper
between a remote client and a local or remote server. OCSP (Online
Certificate Status Protocol), as described in RFC 2560, is an internet
protocol used for obtaining the revocation status of an X.509 digital
certificate.
Affected packages
=================
2. EGP: Exterior Gateway Protocol
3. RIPv1: Routing Information Protocol v1
4. RIPv2: Routing Information Protocol v2
5. DCCP: Datagram Congestion Control Protocol
6. RSVP: Resource ReSerVation Protocol
7. IPSec: Internet Protocol Security (AH/ESP)
8. GRE: Generic Routing Encapsulation
9. EIGRP: Enhanced Interior Gateway Routing Protocol
10. OSPF: Open Shortest Path First
4. Exotic Protocols: Advanced options and protocol crafting for RSVP, EIGRP, OSPF and GRE were added, allowing users to make any combination while using those exotic protocols. By the way, EIGRP is a proprietary protocol developed by CISCO Systems, Inc.
Overview:
Product is Unified Communications solutions from Cisco Systems. From
the Web Site:
"Cisco Unified Communications Manager is an enterprise-class IP
communications processing system for up to 40,000 users, extensible to
80,000 users by way of a megacluster."
There is a remotely exploitable directory traversal vulnerability in
CUCM that allows attackers to read internal files available to the
Tomcat user. By design, this user has access to various sensitive
* Honeypots, network monitoring and situational awareness tools in general.
* Fighting spam, particularly spam from origin (SPF, DKIM and related
technologies. Email reputation)
* Fighting phishing and pharming
* Fighting malware
* Internet protocol security
* IPv6 security
* DNSsec
* Security of network infrastructure services (DNS, NTP, etc.)
* Web security
* DoS/DDoS response and mitigation, botnets
CVE-2011-0966 (CSCto35577)
Details.
Cisco Unified Operations Manager (CuOM) is a NMS for voice developed by
Cisco Systems. Operations Manager monitors and evaluates the current
status of both the IP communications infrastructure and the underlying
transport infrastructure in your network.
Multiple vulnerabilities have been identified in Cisco Unified
Operations Manager and associated products. These vulnerabilities
include multiple blind SQL injections, multiple XSS. and a directory
|
