Multiple Vulnerabilities in Cisco Unified MeetingPlace
Multiple vulnerabilities exist in Cisco Unified MeetingPlace. This security advisory outlines the details of these vulnerabilities:

• Insufficient validation of SQL commands
• Unauthorized account creation
• User and password enumeration in Cisco MeetingTime
• Privilege escalation in Cisco MeetingTime

Vulnerable Products
Cisco Unified MeetingPlace versions 5, 6, and 7 are each affected by at least one of the vulnerabilities described in this document.

Details
This Security Advisory describes multiple distinct vulnerabilities in the MeetingPlace and MeetingTime products. These vulnerabilities are independent of each other.

• Insufficient Validation of SQL Commands
  An unauthenticated user may be able to send SQL commands to manipulate the database that MeetingPlace uses to store information about server configuration, meetings, and users. These commands could be used to create, delete, or alter any of the information contained in the Cisco Unified MeetingPlace database.
• Unauthorized Account Creation
  An unauthenticated user may be able to send a crafted URL to the internal interface of the Cisco Unified MeetingPlace web server to create a MeetingPlace user or administrator account.
• User and Password Enumeration in Cisco MeetingTime
  The MeetingTime authentication sequence consists of a series of packets that are transmitted between the client and the Cisco Meeting Place Audio Server over TCP port 5001. An attacker may be able to alter the authentication sequence to access sensitive information in the user database including usernames and passwords.
• Privilege Escalation in Cisco MeetingTime
  An attacker may be able to alter the packets in the MeetingTime authentication sequence to elevate the privileges of a normal user to an administrative user.

Impact
Successful exploitation of these vulnerabilities may result in a variety of conditions including: information disclosure, denial of service, privilege escalation, account creation, or alteration of configuration data.

Link: http://www.cisco.com/../advisory09186a0080b1490b.shtml

Cisco IOS XR Software SSH Denial of Service Vulnerability
The SSH server implementation in Cisco IOS XR Software contains a vulnerability that an unauthenticated, remote user could exploit to cause a denial of service condition. An attacker could trigger this vulnerability by sending a crafted SSH version 2 packet that may cause a new SSH connection handler process to crash. Repeated exploitation may cause each new SSH connection handler process to crash and lead to a significant amount of memory being consumed, which could introduce instability that may adversely impact other system functionality. During this event, the parent SSH daemon process will continue to function normally.

Vulnerable Products
This vulnerability affects Cisco IOS XR systems that are running an affected version of Cisco IOS XR Software and have the SSH server feature enabled.

Details
Cisco IOS XR Software is a member of the Cisco IOS Software family that uses a microkernel-based distributed operating system infrastructure. Cisco IOS XR Software runs on the Cisco CRS-1 Carrier Routing System, Cisco 12000 Series Routers, and Cisco ASR 9000 Series Aggregation Services Routers.

The SSH server implementation in Cisco IOS XR Software contains a vulnerability that an unauthenticated, remote user could exploit to cause a denial of service condition.

The vulnerability is triggered when a new SSH handler process handles a crafted SSH version 2 packet, which may cause the process to crash. During this event, a significant amount of memory may be consumed. Repeated exploitation may impact other system functionality, depending upon the size of the available memory and the duration of attack.

Although exploitation of this vulnerability does not require user authentication, the TCP three-way handshake must be completed, and some SSH protocol negotiation must occur.

Impact
Successful exploitation of the vulnerability described in this advisory could result in a crash of the SSH connection handler process. Repeated exploitation may impact other system functionality, depending upon the size of the available memory and the duration of attack.

Link: http://www.cisco.com/../advisory09186a0080b13512.shtml

CiscoWorks Internetwork Performance Monitor CORBA GIOP Overflow Vulnerability
CiscoWorks Internetwork Performance Monitor (IPM) versions 2.6 and earlier for Microsoft Windows operating systems contain a buffer overflow vulnerability that could allow a remote unauthenticated attacker to execute arbitrary code. There are no workarounds for this vulnerability.

Vulnerable Products
CiscoWorks IPM versions 2.6 and earlier for Windows operating systems are affected.

Details
CiscoWorks IPM is a troubleshooting application that gauges network response time and availability. CiscoWorks IPM is available as a component within the CiscoWorks LAN Management Solution (LMS) bundle. CiscoWorks IPM versions 2.6 and earlier for Windows contain a buffer overflow vulnerability when processing Common Object Request Broker Architecture (CORBA) GIOP requests. By sending a crafted CORBA GIOP request, a remote, unauthenticated attacker may be able to trigger the buffer overflow condition and execute arbitrary code with SYSTEM privileges on affected Windows systems. This vulnerability is documented in Cisco Bug ID CSCsv62350 and has been assigned the Common Vulnerabilities and Exposures (CVE) CVE-2010-0138.

Impact
Successful exploitation of the vulnerability may result in the ability to execute arbitrary code with SYSTEM privileges on affected Windows systems.

Link: http://www.cisco.com/../advisory09186a0080b1351d.shtml

© Fabio Semperboni for CiscoZine, 2010. | Permalink | No comment
Post tags: DOS, Privilege escalation, Remote Control

The networking giant has already sent the first one into space.
The company announced that the router has successfully completed initial in-orbit tests, after being launched Nov. 23 aboard the Intelsat 14 communications satellite into geosynchronous orbit, 22,300 miles above the Earth.

The move is one small step in a bold, new Cisco initiative dubbed Internet Routing in Space (IRIS), which company executives say extends the same Internet protocol-based (IP) technology used to build the World Wide Web into the heavens. The long-term goal, they say, is to route voice, data and video traffic between satellites over a single IP network in ways that are more efficient, flexible and cost effective than is possible over today’s fragmented satellite communications networks.

It’s an exercise that’s sparking intense interest in the satellite industry as well as in the U.S. military, telecommunications companies and other businesses that stand to benefit from the technology. Don Brown of Intelsat General, the world’s largest operator of commercial communications satellites, says IRIS is to the future of satellite-based communications what Internet forerunner ARPANET was to the creation of the World Wide Web in the 1960s.

“There is a very strong potential for IRIS to revolutionize communications satellite architecture,” says Brown, who is vice president of hosted payloads at the Maryland-based satellite operator. “IP changes everything.”

What is IRIS?

IRIS is a Joint Capability Technology Demonstration (JCTD) with the Department of Defense (DoD) and is a three-year program that allows the DoD to collaborate with its Industry Team to demonstrate and assess the utility of IRIS.

Goals of the IRIS JCTD include:

• Demonstrate collaboration with industry in leveraging the commercial acquisition processes to provide space-based IP network routing.
• Gain knowledge on how to manage space-based IP networks, while demonstrating the advantages that space-based networking brings to the warfighter.
• Demonstrate terrestrial standards-based on-board IP packet routing communications from a geostationary orbit satellite.

The IRIS demonstration will be evaluated through military exercises driven by mission scenarios that will represent realistic operational conditions. A set of key Critical Operational Issues will be identified, based on stakeholder inputs, in areas such as functionality, operational impact, interoperability and suitability. Upon completion of the JCTD’s military utility assessment, the U.S. Army, Air Force, Navy, Marine, Coast Guard and NATO forces could leverage this capability to enhance military network-centric operations.

References:

• http://newsroom.cisco.com/dlls/2010/ts_011910.html
• http://www.cisco.com/web/strategy/government/space-routing.html
• http://www.cisco.com/web/strategy/docs/gov/Strat-Space_IRIS.pdf

© Fabio Semperboni for CiscoZine, 2010. | Permalink | No comment
Post tags: Intelsat, IP, IRIS, Satellite

• Rollback configuration
• Restore configuration in case of a broken router

There are two ways to backup: manually (using write command each time that you would save running configuration) or automatically (using software like Ciscoworks, HP OpenView, … ).

In this tutorial, I would explain a different method to backup configuration: the archive command.

Introduced into Cisco IOS Release 12.3(4)T, the archive command permits to save a copy of the current running configuration to different path: ftp, http, https, rcp, scp, tftp servers. Moreover the archive command has other features, but in this article I would use only two of these:

• time-period: it sets the time increment for automatically saving an archive file of the current running configuration in the Cisco IOS configuration archive.
• write-memory: it enable automatic backup generation during write memory; for instance, when I use the ‘write’ command the archive command will be invoked automatically.

Example: Implement and test archive command

Suppose to have a network (192.168.217.0/24) with an FTP-Server (.1). It is required to save the running configuration to the FTP-Server each day (1440 minutes). The FTP-Server has an FTP account with username: cisco and password: lab.

First of all, it is required access to the archive configuration mode:

Ciscozine(config)#archive

Now it is possible define the destination path. In this example, I use the FTP protocol to send the running configuration; the name ‘$h’ instructs the system to use the router hostname when naming the archived configuration (in this case $h is equal to Ciscozine).

Ciscozine(config-archive)#path ftp://cisco:lab@192.168.217.1/$h

To instruct the router to save the configuration each day (1440 minutes) and to enable automatic backup generation when write memory command is typed, use:

Ciscozine(config-archive)#time-period 1440
Ciscozine(config-archive)#write-memory

To see how many configurations are been saved use the command ’show archive’:

Ciscozine#sh archive
The next archive file will be named
                      ftp://cisco:lab@192.168.217.1/Ciscozine-17
Archive #  Name
0       ftp://cisco:lab@192.168.217.1/Ciscozine-15
1       ftp://cisco:lab@192.168.217.1/Ciscozine-16 <- Most Recent
2       ftp://cisco:lab@192.168.217.1/Ciscozine-2
3       ftp://cisco:lab@192.168.217.1/Ciscozine-3
4       ftp://cisco:lab@192.168.217.1/Ciscozine-4
5       ftp://cisco:lab@192.168.217.1/Ciscozine-5
6       ftp://cisco:lab@192.168.217.1/Ciscozine-6
7       ftp://cisco:lab@192.168.217.1/Ciscozine-7
8       ftp://cisco:lab@192.168.217.1/Ciscozine-8
9       ftp://cisco:lab@192.168.217.1/Ciscozine-9
10       ftp://cisco:lab@192.168.217.1/Ciscozine-10
11       ftp://cisco:lab@192.168.217.1/Ciscozine-11
12       ftp://cisco:lab@192.168.217.1/Ciscozine-12
13       ftp://cisco:lab@192.168.217.1/Ciscozine-13
14       ftp://cisco:lab@192.168.217.1/Ciscozine-14
Ciscozine#

To display the differences between two config files use the ’show archive config differences’; for instance, to find the differences between the startup-config and the ‘Ciscozine-8′ file, type:

NEW-CISCOZINE#show archive config differences nvram:startup-config
    ftp://cisco:lab@192.168.217.1/Ciscozine-8
Loading Ciscozine-8 !
[OK - 717/4096 bytes]

Contextual Config Diffs:
+hostname Ciscozine

-hostname NEW-CISCOZINE
NEW-CISCOZINE#

As you can see, there are two differences: the hostname saved in the startup-configuration file (NEW-CISCOZINE) is different from the Ciscozine-8 file (Ciscozine).

Remember: If the router is reloaded, the system will restart to save the configuration with the counter equal to one (for example Ciscozine-1). So the previous configurations will be overwritten!

References: http://www.cisco.com/…/cfrgt_01.html#wp1094403

© Fabio Semperboni for CiscoZine, 2010. | Permalink | One comment
Post tags: Advanced configuration, Archive, Video

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) Player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system of a targeted user.

The Cisco WebEx WRF Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an on-line meeting attendee. The WRF Player can be automatically installed when the user accesses a WRF file that is hosted on a WebEx server. The WRF Player can also be manually installed for offline playback after downloading the application from www.webex.com.

If the WRF Player was automatically installed, the WebEx WRF Player will be automatically upgraded to the latest, non-vulnerable version when users access a WRF file hosted on a WebEx server. If the WebEx WRF Player was manually installed, users will need to manually install a new version of the player after downloading the latest version from http://www.webex.com/.

Vulnerable Products
The vulnerabilities disclosed in this advisory affect the Cisco WebEx WRF Player. Microsoft Windows, Apple Mac OS X, and Linux versions of the player are affected. Affected versions of the WRF Player are those prior to the “first fixed” versions, which are shown in the section “Software Versions and Fixes” of this advisory.

To check if a Cisco WebEx server is running an affected version of the WebEx client build, users can log in to their Cisco WebEx server and go to the Support -> Downloads section. The version of the WebEx client build will be displayed on the right-hand side of the page under “About Support Center”, for example “Client build: 27.11.0.3328.”

Details
The WebEx meeting service is a hosted multimedia conferencing solution that is managed by and maintained by Cisco WebEx. The WebEx Recording Format (WRF) is a file format that is used to store WebEx meeting recordings that have been recorded on the computer of an on-line meeting attendee. The WRF Player is an application that is used to play back and edit WRF files (files with .wrf extensions). The WRF Player can be automatically installed when the user accesses a WRF file that is hosted on a WebEx server (stream playback mode). The WRF Player can also be manually installed after downloading the application from http://www.webex.com/  to play back WRF files locally (offline playback mode).

Multiple buffer overflow vulnerabilities exist in the WRF Player. The vulnerabilities may lead to a crash of the WRF Player application, or in some cases, lead to remote code execution.

To exploit a vulnerability, a malicious WRF file would need to be opened by the WRF Player application. An attacker may be able to accomplish this by providing the malicious WRF file directly to users (for example, via e-mail), or by convincing users to visit a malicious website. The vulnerability cannot be triggered by users attending a WebEx meeting.

Impact
Successful exploitation of the vulnerabilities described in this document could result in a crash of the Cisco WebEx WRF Player application, and in some cases, allow a remote attacker to execute arbitrary code on the targeted system with the privileges of the user running the WRF Player application.

Link: http://www.cisco.com/…/products_security_advisory09186a0080b0a577.shtml

© Fabio Semperboni for CiscoZine, 2010. | Permalink | No comment
Post tags: DOS, Remote Control, WebEx

Cisco was founded on December 10, 1984 by husband and wife Len Bosack and Sandy Lerner, two former Stanford University computer scientists whose efforts to enable email between computers on different networks led to the invention of the first multiprotocol router. This seminal breakthrough played a major role in fueling the growth of the Internet. 

Chambers says “In the coming quarter century, the role of the network will become even more important in driving growth, innovation, and productivity in industries such as healthcare, education and energy.  Looking ahead, Cisco is positioned to lead the evolution of the network to enable a ‘connected future’ which is increasingly collaborative, video-driven, personalized, and mobile.”.

Twenty-five years, more than 7,000 patents, and nearly 1 million employee volunteer hours later, Cisco today is the worldwide leader in networking technologies that are changing how the world works, lives, plays and learns. The company’s commitment to innovation, customers and giving back has been key to Cisco’s success over the years—and it will drive the company’s ongoing mission to shape the future of the Internet by creating unprecedented value and opportunity for customers, employees, investors and ecosystem partners.

For Presti, a technology consultant and former journalist who has been covering Cisco Systems since 1995, Cisco’s ability to reinvent itself is top of the list. Cisco’s tradition, he says, is not to be stuck in the past but to use the past as the starting point for its future.

In the mid-1990s, for example, Cisco was strictly a router and switch vendor. “It was all about plumbing back then,” Presti says. But over time Cisco has moved from making gear for data networks to providing all kinds of equipment for voice communications and video systems, highlighted by products like Cisco TelePresence. The company has also become much more focused on software to make networks work even better for communicating, collaborating and entertaining.

Perhaps more importantly, Cisco has also been able to reinvent its business operations. For example, Presti says Cisco’s rapid growth in the 1990s was threatening to outstrip the company’s sales capabilities. This is when it developed a pillar to its current operations: the Cisco reseller partner program.

John Chambers discuss Cisco’s 25th Anniversary

Highlights:
•A quarter of a century ago there were just 1,000 “hosts” on the Internet, today there are more than 1.7 billion Internet users worldwide.
•In 1984, there were 1,000 Internet devices; today there are over a 1 billion.
•Cisco has grown from two employees with one product in 1984 to more than 63,000 people today in 200 offices worldwide with 50 product lines.
•Cisco has been on the forefront of information technology for 25 years and posted fiscal year 2009 revenue of $36.1 billion.
•Cisco’s innovation is demonstrated in the company’s more than 7,000 patents issued worldwide to Cisco inventors and 9,000 patent applications currently pending.
•Cisco employees have logged nearly 1 million hours of volunteer service since 2001.
•As a global corporate citizen, Cisco, in the last 10 years, has contributed over $1 billion to education, social inclusion and economic development initiatives globally.

References:

• http://newsroom.cisco.com/dlls/2009/corp_121009.html
• http://newsroom.cisco.com/dlls/2009/ts_121009.html

© Fabio Semperboni for CiscoZine, 2009. | Permalink | No comment
Post tags: 25th anniversary, Happy Birthday, Video

Cisco will award two first-place prizes of Christmas dinners over TelePresence, 10 second-place prizes of a TelePresence meeting and 20 third-place prizes of Flip MinoTM cameras to the person with the entry that best illustrates the importance of connections with family and friends at Christmas.

Cisco TelePresence creates a live face-to-face experience with high-quality video and spatial audio technology that makes it feel as if you’re in the same room when in reality you may be thousands of kilometres away!  The Cisco “Christmas Connections” Contest is designed to connect friends and families living around the world over Christmas via Cisco TelePresence.

The deadline for entries is midnight Australian Eastern Daylight Time (AEDT) on Dec. 6, 2009. For official terms and conditions the Cisco “Christmas Connections” Contest, please visit: www.cisco.com/connect.

References:

• http://newsroom.cisco.com/dlls/2009/prod_112509.html
• http://www.cisco.com/connect

© Fabio Semperboni for CiscoZine, 2009. | Permalink | No comment
Post tags: Business, Event, Video

Marie Hattar, vice president, Network Systems Solutions Marketing, Cisco says: “enabling borderless networks is critical for today’s business success.  A key component of enabling individuals to connect to their business networks from anywhere is working to ensure that the network is protected regardless of the device used. Our new Cisco SIO To Go iPhone application is another important step in making this vision a reality. It improves the means by which IT departments are alerted to threats, and it provides added confidence and device flexibility as Cisco customers are shielded from these breaches.”

iPhone Features:
Powered by the Cisco Security IntelliShield Alert Manager Service, the Cisco SIO To Go iPhone application informs, protects and enables users to respond in real time to alerts and threats to the network. The application delivers early warning intelligence, threat vulnerability and proven Cisco mitigation solutions to users’ iPhones as they occur. It also provides unique IP and URL address e-mail and Web reputation look-up powered by the Cisco IronPort® SenderBase Security Network and the Cisco SIO.

Alerts delivered include:

• Cisco Product Security Incident Response Team (PSIRT) Alerts
• Cisco Intrusion Prevention Systems (IPS) Signatures
• Cisco Applied Mitigation Bulletins
• Cisco Threat Outbreak Alerts
• And many others

References:

• http://csioiphone.com/
• http://newsroom.cisco.com/dlls/2009/prod_112009.html

© Fabio Semperboni for CiscoZine, 2009. | Permalink | No comment
Post tags: iPhone, Software, Video

You manage your business as it evolves from the stone age of dial-up, through the broadband and mobile connected eras, and into the dawning of the medianet age. Learn how to transform your community and explore the products and solutions that will help you provide a migration path from dial up, broadband and mobile services into the medianet age.

MyPlanNet was released on Oct. 5 at an International Telecommunication Union in Geneva, Switzerland, and is the product of an internal innovation contest at Cisco.

Liu, who is a senior marketing manager, says the game was a side project of his for over a year. He was looking for a way to engage customers with marketing and thought his game would target the intellectual side of issues by “introducing these complex topics in a more fun way than you would get from” reading white papers.

Liu calls myPlanNet an educational tool that puts a “human touch” on evolving technology challenges and also helps to place them within a broader context. The game does simulate historic timeline contexts and how “technology is needed to deploy advance services as your community evolves,” said Liu.

The game is free, but works only on Windows platform (x32 and x64 system). To download it go to http://www.cisco.com/go/myplannet/.

1. After you click on “Download Game”, you will be prompted for login (if not already logged into cisco.com). New users without Cisco login can get one by clicking on the “register now” option.
2. After you accept the end-user license agreement, you will be prompted with a download box.  Choose “Save File”.  Personally, I prefer to just place it on my desktop so I can easily find it.
3. Once the file is saved to your desktop, unzip it and select “extract all”. Again, I prefer to just extract it to my desktop.
4. The game will appear on your desktop in a folder titled “mpn_final_Gold”.  Open that folder and click on the myPlanNet.exe file to get started!
5. Enjoy!

© Fabio Semperboni for CiscoZine, 2009. | Permalink | No comment
Post tags: Business, Game, Software, Video

This vulnerability could impact any Cisco product that uses any version of TLS and SSL.

Affected Products:
Cisco is currently evaluating products for possible exposure to these TLS issues. Products will only be listed in the Vulnerable Products or Products Confirmed Not Vulnerable sections of this advisory when a final determination about product exposure is made

Details:
TLS and its predecessor, SSL, are cryptographic protocols that provide security for communications over IP data networks such as the Internet. An industry-wide vulnerability exists in the TLS protocol that could impact any Cisco product that uses any version of TLS and SSL. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack.

Exploitation and Public Announcements:
This vulnerability was initially discovered by Marsh Ray and Steve Dispensa from PhoneFactor, Inc.
Cisco is not aware of any malicious exploitation of this vulnerability. Proof-of-concept exploit code has been published for this vulnerability.

Link: http://www.cisco.com/…/products_security_advisory09186a0080b01d1d.shtml

© Fabio Semperboni for CiscoZine, 2009. | Permalink | No comment
Post tags: MiTM

After the upgrading, I have tried to downlad an ISO image but the speed was very low (about 300KB/s and not 700KB/s). Mhhh this is strange! I have begun the troubleshooting but no error, no warning message. So I have reset my current configuration, but nothing… no real improvement.

Fortunately my better friend (google hihihi) help me and I have found how to fix the ‘download speed’: define manually the ‘clockrate’ into the atm interface!

Ciscozine(config-if)#clock rate aal5 ?
        1000000
        1300000
        1600000
        2000000
        2600000 (default)
        3200000
        4000000
        5300000
        7000000

  <1000000-7000000>  clock rates in bits per second,
                     choose one from above

Ciscozine(config-if)#

In fact, if you don’t define the clock rate command into the atm interface, the IOS set to 2600000 this parameter. To force it, use the command ‘clock rate aal5′; in my case I use the command ‘clock rate aal5 7000000′.

Below the download speed test guarantee the bandwith improvement.

Without clock rate command

With clock rate command

That’s all! I hope this tutorial can help you!

© Fabio Semperboni for CiscoZine, 2009. | Permalink | No comment
Post tags: ADSL, Advanced configuration, Tips