S-096: Application Inspection Vulnerability in Cisco Firewall Services Module
A vulnerability exists in the Cisco Firewall Services Module (FWSM) - a high-speed, integrated firewall module for Cisco Catalyst 6500 switches and Cisco 7600 Series routers, that my result in a reload of the FWSM. The risk is LOW. May result in a reload of the FWSM.
Hey everyone,
I have a few question.
1. Is it possible to display cisco 'show run' output command to the application ??
2. And is there any ways to log in to the router instead of using telnet from telnet application???
Thanks in advance (0 Replies)
Hi experts,
I need to cope configuration from one switch/firewall to another switch/firewall.
I have copied running configs.
The question is do I have to clear the existing configuration on the dest. devices
Or can I copy it(replace) directly without clearing previous config ?
If... (2 Replies)
I am writing perl script to configure Cisco device but Variables inside Net::Telnet::Cisco Module doesn't work and passed to device without resolving.
Please advise.
here is a sample of script:
use Net::Telnet::Cisco;
$device = "10.14.199.1";
($o1, $o2, $o3, $o4) = split(/\./,$device);... (5 Replies)
PIX2DLF.IN(1) LogReport's Lire Documentation PIX2DLF.IN(1)NAME
pix2dlf - convert PIX logs to the firewall DLF format
SYNOPSIS
pix2dlf
DESCRIPTION
This script expects syslog-type logs from a Cisco PIX firewall on stdin. Messages with severity level informational (6) and up should be
logged. These look like e.g.:
Jan 15 12:58:37 pix1 %PIX-4-106543: Deny tcp src outside:1.2.3.4/1234 dst
inside:2.3.4.5/80 by access-group "foo"
Jan 16 10:37:09 pix1 %PIX-4-106543: Deny udp src outside:3.4.5.6/137 dst
inside:4.5.6.7/137 by access-group "foo"
Jan 17 08:43:46 pix1 %PIX-4-106543: Deny icmp src outside:5.6.7.8 dst
inside:6.7.8.9 (type 8, code 0) by access-group "foo"
Jan 24 00:07:39 pix1 %PIX-6-302000: Teardown TCP connection 178359 faddr
7.8.9.10/102 gaddr 8.9.10.11/21652 laddr 9.10.11.12/4107 duration
0:00:01 bytes 755 (TCP FINs)
Jan 24 00:07:45 pix1 %PIX-6-302000: Teardown UDP connection for faddr
10.11.12.13/711 gaddr 11.12.13.14/1259 laddr 12.13.14.15/1259
That is
syslog_time_stamp log_host %PIX-Level-Message_number: Message_text
See also http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/ syslog/pixemint.htm#xtocid11 .
It will output DLF records in the Lire firewall DLF format on STDOUT.
For now, only messages
%PIX-2-106001
%PIX-2-106002
%PIX-2-106006
%PIX-2-106007
%PIX-3-106010
%PIX-3-106014
%PIX-6-106015
%PIX-1-106021
%PIX-4-106023
%PIX-6-302002
%PIX-6-302006
%PIX-6-302014
%PIX-6-302016
are used. Note that severity level 1 is `alert', 6 is ` informational'. (0 is `emergency', 7 is `debugging'.)
EXAMPLES
To process a log as produced by a Cisco PIX:
$ pix2dlf < pix.log
pix2dlf will be rarely used on its own, but is more likely called by lr_log2report:
$ lr_log2report pix < /var/log/pix.log
BUGS
This script hasn't yet been tested by a very wide range of log files, and therefore is not mature yet.
Studying the Cisco documentation for any changes in the log file format, e.g. between PIX Firewall Version 4.0 and 6.2, has not been done
yet.
We probably do not support any of the PIX products really fully. We've found documentation for log files for PIX version 4.3, 4.4, 5.0,
5.1, 5.2, 5.3, 6.0, 6.1 and 6.2, but didn't implement all peculiarities found in these docs yet. This script strives to support PIX 6.2 in
most common cases.
When hacking on this script, beware that log syntax has changed during PIX development. Furthermore, note that some rudimentary state is
represented in PIX logs. This state is not used yet in this script.
SEE ALSO
"Cisco PIX Firewall System Log Messages"
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/ syslog/pixemsgs.htm
VERSION
$Id: pix2dlf.in,v 1.26 2009/03/15 08:10:55 vanbaal Exp $
COPYRIGHT
Copyright (C) 2002 Stichting LogReport Foundation <logreport@logreport.org>
This file is part of Lire.
Lire is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with
http://www.gnu.org/copyleft/gpl.html.
THANKS
Roberto dal Zilio and Ketil Adolfsen, for supplying PIX logs for debugging. Anthony (acquant) for fixing bugs.
AUTHOR
Initial version by Wessel Dankers <wsl@logreport.org>, based upon Lire's cisco_acl2dlf script. Lots of later changes by Joost van Baal
<joostvb@logreport.org>.
Lire 2.1.1 2009-03-15 PIX2DLF.IN(1)