Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-262: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-262: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak
# 1  
Old 04-10-2008
S-262: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak
A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages. The risk is LOW. Successful exploitation of the vulnerability can result in the creation of extra multicast states on the core routers or the leaking of multicast traffic from one MPLS VPN to another.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

4 More Discussions You Might Find Interesting

1. Solaris

Cisco IOS VPN server IKE

How do I tell if Cisco IOS VPN server IKE is running on my solaris 10 system (1 Reply)
Discussion started by: pgsanders
1 Replies

2. Shell Programming and Scripting

Need help on ssh login script to cisco ios

I'm trying to write a login script to ssh into a cisco switch that will run some command remotely. Similar to this expect script located here: SSH login expect shell script to supply username and password However, that script does not work with cisco ios. Anyway know what the best way to... (1 Reply)
Discussion started by: streetfighter2
1 Replies

3. Linux

How to multicast on different IP network

On Linux, I have configured two different IP address for two network device eth0 ,eth1 , in my program, I want to multicast differently on these two network, I know it must add route for single network and I try to config another route for second network,but it can not work correctly, how to config... (0 Replies)
Discussion started by: Frank2004
0 Replies

4. IP Networking

private network to private network gateway

i have one private network with one ip address, and i have a seperate network on a seperate ip address. now, each network is behind a firewall/router. now what i want to do is be able to access one server on the second network from a computer on the first., but with the private ip address, (this... (2 Replies)
Discussion started by: norsk hedensk
2 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

rancid

rancid(1)						      General Commands Manual							 rancid(1)

NAME

       rancid - Cisco configuration filter

SYNOPSIS

       rancid [-dlV] (-f filename | hostname)

DESCRIPTION

       rancid  is  a  perl(1)  script  which  uses  the  login	scripts  (see  clogin(1))  to  login  to a device, execute commands to display the
       configuration, etc, then filters the output for formatting, security, and so on.  rancid's product is a file with the  name  of	it's  last
       argument plus the suffix .new.  For example, hostname.new.

       There are complementary scripts for other platforms and/or manufacturers that are supported by rancid(1).  Briefly, these are:

       agmrancid      Cisco Anomaly Guard Module (AGM)

       arancid	      Alteon WebOS switches

       arrancid       Arista Networks devices

       brancid	      Bay Networks (nortel)

       cat5rancid     Cisco catalyst switches

       cssrancid      Cisco content services switches

       erancid	      ADC-kentrox EZ-T3 mux

       f10rancid      Force10

       f5rancid       F5 BigIPs

       fnrancid       Fortinet Firewalls

       francid	      Foundry and HP procurve OEMs of Foundry

       hrancid	      HP Procurve Switches

       htranicd       Hitachi Routers

       jerancid       Juniper Networks E-series

       jrancid	      Juniper Networks

       mrancid	      MRTd

       mrvrancid      MRV optical switches

       mtrancid       Mikrotik routesrs

       nrancid	      Netscreen firewalls

       nsrancid       Netscaler

       nxrancid       Cisco Nexus boxes

       prancid	      Procket Networks

       rivrancid      Riverstone

       rrancid	      Redback

       srancid	      SMC switch (some Dell OEMs)

       trancid	      Netopia sDSL/T1 routers

       tntrancid      Lucent TNT

       xrancid	      Extreme switches

       xrrancid       Cisco IOS-XR boxes

       zrancid	      Zebra routing software

       The command-line options are as follows:

       -V     Prints package name and version strings.

       -d     Display debugging information.

       -l     Display somewhat less debugging information.

       -f     rancid  should  interpret  the  next  argument  as  a filename which contains the output it would normally collect from the device (
	      hostname) with clogin(1).

SEE ALSO

       control_rancid(1), clogin(1), rancid.conf(5)

CAVEATS

       Cisco IOS offers a DHCP server that maintains a text database which can be stored remotely or on local storage.	 If  stored  locally,  the
       file  changes  constantly  and  causes  constant  diffs	from  rancid.	If  this  file's  name	('ip  dhcp  database')	matches  the regex
       dhcp_[^[:space:].].txt, it will be filtered.

       For Catalyst switches running CatOS, type cat5, the prompt must end with '>'.  clogin(1) looks  for  '>'  to  determine	when  a  login	is
       successful.  For example:

		 cat5k>
		 cat5k> enable
		 Password:
		 cat5k> (enable)

       rancid  works  on  Cisco  Catalyst  1900  series  switches  that are running Enterprise Edition software.  This software provides a menu at
       connection time that allows a command line interface to be used by entering 'K' at the prompt.

								   26 April 2011							 rancid(1)