Next Page >>
command/line interface
ESXi 3.5 ESXi not affected
ESX any ESX not affected
f. VMware Consolidated Backup(VCB) command-line utilities may expose
sensitive information
VMware Consolidated Backup command-line utilities accept the user
password through the -p command-line option. Users logged into the
service console could gain access to the username and password used
Summary
=======
The server side of the Secure Copy (SCP) implementation in Cisco IOS
software contains a vulnerability that could allow authenticated
users with an attached command-line interface (CLI) view to transfer
files to and from a Cisco IOS device that is configured to be an SCP
server, regardless of what users are authorized to do, per the CLI
view configuration. This vulnerability could allow valid users to
retrieve or write to any file on the device's file system, including
the device's saved configuration and Cisco IOS image files, even if
Determination of Software Versions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Administrators can use these instructions to determine the software
version that is running on the Cisco WLCs (using the web or
command-line interface) or on the Cisco WiSM (using commands on the
Cisco Catalyst 6500 Series Switch and Cisco 7600 Series Router).
Cisco Wireless Controllers
~~~~~~~~~~~~~~~~~~~~~~~~~~
Determination of Software Versions
+---------------------------------
Administrators can use these instructions to determine the software
version that is running on a Cisco WLC using the web or command-line
interface or on a Cisco WiSM (using commands on a Cisco Catalyst 6500
Series Switch and Cisco 7600 Series Router).
Cisco Wireless Controllers
+-------------------------
Administrators may verify the configuration of affected devices by
using one of the following methods:
For devices that are running TC4.0 or 4.1 software, administrators may
view the serial number of an affected device by logging in to the
command line of an affected device with the admin account and issuing
the xstatus systemunit hardware command.
View Serial Number:
+------------------
prior to Software Release 7.2. The vulnerability is present in the
affected releases on all platforms.
To verify the release of Cisco Network Registrar that is running,
select the About option from the menu. Alternatively, if using the
command-line interface, execute the following command:
nrcmd> session get version
Products Confirmed Not Vulnerable
+--------------------------------
3. *Vulnerability Description*
The Intel Alert Handler service ('hndlrsvc.exe') fails to correctly
process the 'CommandLine' field in the AMS request. A source address in
a 'MOV' instruction is calculated from values present in the request,
causing a remote denial-of-service.
4. *Vulnerable packages*
1.Tech Gyan - Main article of the magazine. Covers various technical aspects in security, latest hacking trends and techniques.
2. Tool Gyan - Covers various hacking and security tools.
3. Mom's Guide - Dedicated to comman man. Covers basics and fundamentals.
4. Legal Gyan - IT Law with respect to hacking explained in simple language.
5. Command Line - Explains command line alternatives for various tasks.
6. Matriux Vibhag - Articles on Matriux Security Distro.
No hard and fast rules as such. Just a few guidelines :
1) Keep the language as easy as possible.
2) It should be related to our sections mentioned above. (Except for Matriux Vibhag, articles can be submitted for all other sections)
2008/08/25 #2008-014 WordNet stack and heap overflows
Description:
The WordNet 3.0 Unix library and command-line interface suffer from a
number of stack overflows due to their handling of command line
arguments,
environment variables and data read from user supplied dictionaries.
The oCERT team was contacted by Moritz Muehlenhoff from the Debian
> -----Original Message-----
> From: Thomas Henlich [mailto:thomas@henlich.de]
> Sent: Tuesday, 30 September 2008 6:30 PM
> To: bugtraq@securityfocus.com
> Subject: MySQL command-line client HTML injection vulnerability
>
> MYSQL COMMAND-LINE CLIENT HTML INJECTION VULNERABILITY
>
> Thomas Henlich <thomas@henlich.de>
>
1.Tech Gyan - Main article of the magazine. Covers various technical aspects in security, latest hacking trends and techniques.
2. Tool Gyan - Covers various tools hacking and security tools.
3. Mom's Guide - Dedicated to comman man. Covers basics of hacking and security.
4. Legal Gyan - IT Law with respect to hacking explained in simple language.
5. Command Line - Explains command line alternatives for various tasks.
6. Matriux Vibhag - Articles on Matriux Security Distro. (This section is started from MArch2011)
Guidelines:
1) Keep the language as easy as possible.
2) It should be related to our sections mentioned above. (Except for Matriux Vibhag, articles can be submitted for all other sections)
1.Tech Gyan - Main article of the magazine. Covers various technical aspects in security, latest hacking trends and techniques.
2. Tool Gyan - Covers various tools hacking and security tools.
3. Mom's Guide - Dedicated to comman man. Covers basics of hacking and security.
4. Legal Gyan - IT Law with respect to hacking explained in simple language.
5. Command Line - Explains command line alternatives for various tasks.
6. Matriux Vibhag - Articles on Matriux Security Distro.
No hard and fast rules as such. Just a few guidelines. Guidelines:
1) Keep the language as easy as possible.
2) It should be related to our sections mentioned above. (Except for Matriux Vibhag, articles can be submitted for all other sections)
the left pane, and note the Software Version field.
Note: Customers who use a WLC Module in an Integrated Services
Router (ISR) will need to issue the service-module
wlan-controller 1/0 session command prior to performing the next
step on the command line. Customers who use a Cisco Catalyst
3750G Switch with an integrated WLC Module will need to issue the
session <Stack-Member-Number> processor 1 session command prior
to performing the next step on the command line.
* From the command-line interface, type show sysinfo and note the
Cisco Firewall Services Module (FWSM). More information
regarding the FWSM can be found in the companion advisory
http://www.cisco.com/warp/public/707/cisco-sa-20071017-fwsm.shtml.
To determine whether you are running a vulnerable version of Cisco PIX
or ASA software, issue the "show version" command-line interface (CLI)
command.
The following example shows a Cisco ASA Security Appliance that runs
software release 7.2(3):
.text:6DAA3EE9 push ebx ; lpEnvironment
.text:6DAA3EEA push ebx ; dwCreationFlags
.text:6DAA3EEB push ebx ; bInheritHandles
.text:6DAA3EEC push ebx ; lpThreadAttributes
.text:6DAA3EED push ebx ; lpProcessAttributes
.text:6DAA3EEE push esi ; lpCommandLine
.text:6DAA3EEF lea eax, [ebp+ApplicationName]
.text:6DAA3EF5 push eax ; lpApplicationName
.text:6DAA3EF6 mov [ebp+StartupInfo.cb], 44h
.text:6DAA3EFD call ds:CreateProcessA
information regarding vulnerabilities affecting the PIX
and ASA can be found in the companion advisory located at
http://www.cisco.com/warp/public/707/cisco-sa-20071017-asa.shtml.
To determine if you are running a vulnerable version of FWSM software,
issue the "show module" command-line interface (CLI) command from
Cisco IOS or Cisco CatOS to identify what modules and sub-modules are
installed in the system.
The following example shows a system with a Firewall Service Module
(WS-SVC-FWM-1) installed in slot 4.
After almost a year of intensive development and internal use, we are
pleased to announce the public release of Immunity Debugger v1.0.
When we started developing Immunity Debugger our main objective was to
combine the best of the commandline based and GUI based debugger worlds.
The commandline because most of us come from a UNIX background, and it
just ends up being more efficient than clicking your way around. The GUI
because we understand that we are visual beings that often can
grasp more from a single look at a graphical layout than from two days
of x/x-ing memory pages.
If supported by the server's configuration, fetchmail can be run in
ssl-wrapped rather than starttls mode. To that extent, the "ssl sslproto
ssl3" option must be configured (possibly replacing sslproto tls1 where
configured) to the rcfile, or "--ssl --sslproto ssl3" can be given on
the command line (where it applies to all poll configurations).
It is generally also advisable to enforce SSL certificate validation, by
either using --sslcertck on the command line, or using sslcertck in a
"default" configuration entry of the rcfile, or using sslcertck in
each of the relevant individual poll descriptions of the rcfile.
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mpc.h
tml
To determine whether you are running a vulnerable version of Cisco PIX
or ASA software, issue the show version command-line interface (CLI)
command. The following example shows a Cisco ASA Security Appliance that
runs software release 7.2(3):
ASA#show version
...
!
service-policy global_policy global
To determine the version of Cisco FWSM Software that is running, issue
the "show module" command-line interface (CLI) command from Cisco IOS
Software or Cisco Catalyst Operating System Software to identify what
modules and sub modules are installed on the system.
The following example shows a system with a Cisco FWSM (WS-SVC-FWM-1)
installed in slot 2:
Administrators of systems running Cisco Unified Presence can
determine the software version by viewing the main page of the Cisco
Unified Presence Administration interface. The software version can
be determined by running the command "show version active" via the
Command Line Interface (CLI).
Products Confirmed Not Vulnerable
+--------------------------------
No other Cisco products are currently known to be affected by these
* Cisco Network Registrar
All Cisco Network Registrar versions are affected, and DNS services
are enabled by default.
The DNS server on CNR is enabled via the command-line interface
(CLI) commands "server dns enable start-on-reboot" or "dns enable
start-on-reboot" or via the web management interface in the Servers
page by selecting the appropriate "Start," "Stop," or "Reload"
button.
Tandberg.com, and is no longer available for download. The deferral
notice can be found at the following link: Software Deferral Notice
Administrators can determine the version of software running on their
device by logging in to the command-line interface (CLI) as the admin
user and issuing the xstatus systemunit command and finding the
SystemUnit Software Version field.
Example:
Vulnerable Products
+------------------
To determine the software version that is running on a Cisco Content
Delivery Engine, log in to the device and issue the show version
command-line interface (CLI) command to display the system banner.
Cisco CDS Internet Streamer software will identify itself as "Content
Delivery System Software Release". On the same line of output, the
version number will also be provided. This example identifies a Cisco
Content Delivery Engine that is running Cisco Content Delivery System
software release 2.5.9 build 5:
Administrators of systems running all Cisco Unified Presence versions
can determine the software version by viewing the main page of the
Cisco Unified Presence Administration interface. The software version
can be determined by running the command show version active via the
Command Line Interface (CLI).
Products Confirmed Not Vulnerable
+--------------------------------
No other Cisco products are currently known to be affected by these
1. Stop the Operations Manager for Windows console and its additional binaries, such as node editor.
2. From a command prompt, backup %OvInstallDir%\bin\srcvw4.dll
3. From a command prompt, copy OMW60_srcvw4.dll into %OvInstallDir%\bin\srcvw4.dll
4. Verify that %OvInstallDir%\bin\srcvw4.dll is now v4.0.1.2
Note: Steps 2 and 3 above must be performed from the Windows command line, not from Windows Explorer.
For Operations Manager for Windows v7.5
Verify the version of srcvw32.dll currently installed
operation, and multiplexing.
When TCP connections are terminated in Cisco IOS Software, they are
allocated a transmission control block (TCB). All allocated TCBs,
associated TCP port numbers, and the TCP state are displayed in the
output of the "show tcp brief all" command-line interface (CLI) command.
Cisco IOS Software version 15.1(2)T contains a vulnerability that could
cause an embryonic TCP connection to remain in SYNRCVD or SYNSENT
state without a further TCP state transition. Examining the output of
the "show tcp brief all" command multiple times will indicate if TCP
MYSQL COMMAND-LINE CLIENT HTML INJECTION VULNERABILITY
Thomas Henlich <thomas@henlich.de>
DESCRIPTION
The mysql command-line client does not quote HTML special characters
like < in its output. This allows an attacker who is able to write data
into a table to hide or modify records in the output, and to inject
potentially dangerous code, e. g. Javascript to perform cross-site
> Quick calculator session :
> 2^(-18) = 0.000003814697265625
> 2^(-14) = 0.00006103515625
>
> So there is a vanishingly small probability that a Bad Guy may
> discover less than 2 characters from my command-line, every time they
> try this attack. And each time they fail, my connection gets rudely
> chopped. Two characters won't help them much. They'd need to succeed
> about ten times per typed command-line to snoop on most of my
> sessions. This weakness is surely of no conceivable use to a Bad Guy
> ?
software-only versions of the product.
The following methods can be used to determine which version of the
Cisco Secure ACS is installed:
* From the Cisco Secure ACS command-line interface (CLI), issue the
"show version" command, as shown in the following example:
acs51a/admin# show version
Cisco Application Deployment Engine OS Release: 1.2
Next Page>>
|
