S-307: Multiple Vulnerabilities in Cisco PIX and Cisco ASA
Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. The risk is MEDIUM. Successful exploitation of the vulnerabilities may cause a reload of the affected device, repeated exploitation could result in a sustained Denial-of-Service (DoS) condition, and may allow an attacker to bypass control-plane ACLs and successfully send malicious traffic to the device.
Hi all,
I need this as soon as possible to solve it or at least to find out what is the problem.
I have configured IPSec tunnels with Openswan and Cisco ASA, i have established a connection and the ping was fine, but after some time there is request time out from both sites. I don't have ASA... (0 Replies)
Hi,I want connect my ASA 5510 firewall to a 3750 switch with RIP routing. Unfortunately,I am having issues passing the VPN subnet through rip to the 3750.I don't understand how the routing table is populated on the ASA. Any suggestions? (0 Replies)
Hi,
I am trying to establish vpn between my linux server and cisco asa at client side.
I installed openswan on my cent os.
Linux Server
eth0 - 182.2.29.10
Gateway - 182.2.29.1
eth1 - 192.9.200.75
I have simple IPtables Like
WAN="eth0"
LAN="eth1" (0 Replies)
I having problem connecting to a Cisco PIX
Log from IKE
# /usr/lib/inet/in.iked -f /etc/inet/ike/config -d
Jan 16 00:40:57: 2012 (+0800) *** in.iked started ***
Jan 16 00:40:57: Loading configuration...
Jan 16 00:40:57: Checking lifetimes in "nullrule"
Jan 16 00:40:57: Using default value... (0 Replies)
rancid(1) General Commands Manual rancid(1)NAME
rancid - Cisco configuration filter
SYNOPSIS
rancid [-dlV] (-f filename | hostname)
DESCRIPTION
rancid is a perl(1) script which uses the login scripts (see clogin(1)) to login to a device, execute commands to display the
configuration, etc, then filters the output for formatting, security, and so on. rancid's product is a file with the name of it's last
argument plus the suffix .new. For example, hostname.new.
There are complementary scripts for other platforms and/or manufacturers that are supported by rancid(1). Briefly, these are:
agmrancid Cisco Anomaly Guard Module (AGM)
arancid Alteon WebOS switches
arrancid Arista Networks devices
brancid Bay Networks (nortel)
cat5rancid Cisco catalyst switches
cssrancid Cisco content services switches
erancid ADC-kentrox EZ-T3 mux
f10rancid Force10
f5rancid F5 BigIPs
fnrancid Fortinet Firewalls
francid Foundry and HP procurve OEMs of Foundry
hrancid HP Procurve Switches
htranicd Hitachi Routers
jerancid Juniper Networks E-series
jrancid Juniper Networks
mrancid MRTd
mrvrancid MRV optical switches
mtrancid Mikrotik routesrs
nrancid Netscreen firewalls
nsrancid Netscaler
nxrancid Cisco Nexus boxes
prancid Procket Networks
rivrancid Riverstone
rrancid Redback
srancid SMC switch (some Dell OEMs)
trancid Netopia sDSL/T1 routers
tntrancid Lucent TNT
xrancid Extreme switches
xrrancid Cisco IOS-XR boxes
zrancid Zebra routing software
The command-line options are as follows:
-V Prints package name and version strings.
-d Display debugging information.
-l Display somewhat less debugging information.
-f rancid should interpret the next argument as a filename which contains the output it would normally collect from the device (
hostname) with clogin(1).
SEE ALSO control_rancid(1), clogin(1), rancid.conf(5)CAVEATS
Cisco IOS offers a DHCP server that maintains a text database which can be stored remotely or on local storage. If stored locally, the
file changes constantly and causes constant diffs from rancid. If this file's name ('ip dhcp database') matches the regex
dhcp_[^[:space:].].txt, it will be filtered.
For Catalyst switches running CatOS, type cat5, the prompt must end with '>'. clogin(1) looks for '>' to determine when a login is
successful. For example:
cat5k>
cat5k> enable
Password:
cat5k> (enable)
rancid works on Cisco Catalyst 1900 series switches that are running Enterprise Edition software. This software provides a menu at
connection time that allows a command line interface to be used by entering 'K' at the prompt.
26 April 2011 rancid(1)