Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-319: Cisco Intrusion Prevention System Vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-319: Cisco Intrusion Prevention System Vulnerability
# 1  
Old 06-19-2008
S-319: Cisco Intrusion Prevention System Vulnerability
Cisco Intrusion Prevention System (IPS) platforms that have gigabit network interfaces installed and are deployed in inline mode contain a denial of service vulenrability in the handling of jumbo Ethernet frames. This vulnerability may lead to a kernel panic that requires a power cycle to recover platform operaiton. The risk is MEDIUM. Successful exploitation of the vulnerability may result in a network denial of service condition. A power cycle is required to recover operations. An attacker may be able to evade access controls and detection of malicious activity int he case of Cisco IPS 4260-4270 platforms that have hardware bypass configured to pass traffic in the event of a kernel panic.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

1 More Discussions You Might Find Interesting

1. Cybersecurity

Intrusion Detection - System Call Introspection

can u give me a code for host based intrusion detection using system call introspection... (5 Replies)
Discussion started by: aravind007
5 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

snmp::info::layer2::aironet

Info::Layer2::Aironet(3pm)				User Contributed Perl Documentation				Info::Layer2::Aironet(3pm)

NAME

       SNMP::Info::Layer2::Aironet - SNMP Interface to Cisco Aironet devices running IOS.

AUTHOR

       Max Baker

SYNOPSIS

	# Let SNMP::Info determine the correct subclass for you.
	my $aironet = new SNMP::Info(
				 AutoSpecify => 1,
				 Debug	     => 1,
				 DestHost    => 'myswitch',
				 Community   => 'public',
				 Version     => 2
			       )
	   or die "Can't connect to DestHost.
";

	my $class      = $aironet->class();
	print "SNMP::Info determined this device to fall under subclass : $class
";

DESCRIPTION

       Provides interface to SNMP Data available on newer Aironet devices running Cisco IOS.

       Note there are two classes for Aironet devices :

       SNMP::Info::Layer3::Aironet
	   This class is for devices running Aironet software (older)

       SNMP::Info::Layer2::Aironet
	   This class is for devices running Cisco IOS software (newer)

       For speed or debugging purposes you can call the subclass directly, but not after determining a more specific class using the method above.

       my $aironet = new SNMP::Info::Layer2::Aironet(...);

   Inherited Classes
       SNMP::Info::Layer2
       SNMP::Info::Entity
       SNMP::Info::EtherLike
       SNMP::Info::CiscoStats
       SNMP::Info::CiscoConfig

   Required MIBs
       Inherited Classes
	   MIBs required by the inherited classes listed above.

GLOBALS

       These are methods that return scalar value from SNMP

       $aironet->discription()
	   Adds info from method e_descr() from SNMP::Info::Entity

       $aironet->vendor()
	   Returns 'cisco'

       $aironet->description()
	   System description

   Globals imported from SNMP::Info::Layer2
       See documentation in "GLOBALS" in SNMP::Info::Layer2 for details.

   Globals imported from SNMP::Info::Entity
       See documentation in "GLOBALS" in SNMP::Info::Entity for details.

   Globals imported from SNMP::Info::EtherLike
       See documentation in "GLOBALS" in SNMP::Info::EtherLike for details.

TABLE METHODS

       $aironet->cd11_port()
	   Returns radio interfaces.

       $aironet->cd11_mac()
	   Returns radio interface MAC addresses.

       $aironet->cd11_ssid()
	   Returns radio interface ssid.

       $aironet->dot11_cur_tx_pwr_mw()
	   Current transmit power, in milliwatts, of the radio interface.

   Overrides
       $aironet->interfaces()
	   Uses the i_description() field.

       $aironet->i_mac()
	   MAC address of the interface. Note this is just the MAC of the port, not anything connected to it.

       $aironet->i_duplex()
	   Crosses information from SNMP::Info::EtherLike to get duplex info for interfaces.

       $aironet->bp_index()
	   Returns reference to hash of bridge port table entries map back to interface identifier (iid)

       $aironet->fw_mac()
	   Returns reference to hash of forwarding table MAC Addresses

       $aironet->fw_port()
	   Returns reference to hash of forwarding table entries port interface identifier (iid)

       $aironet->i_vlan()
	   Returns a mapping between "ifIndex" and the PVID or default VLAN.

       $aironet->v_index()
	   Returns VLAN IDs

       $aironet->v_name()
	   Returns VLAN names

       $aironet->i_ssidlist()
	   Returns a list of SSIDs associated with interfaces.	This function is "MBSSID" aware, so when using "MBSSID" can map SSIDs to the sub-
	   interface to which they belong.

       $aironet->i_ssidbcast()
	   With the same keys as i_ssidlist, returns whether the given SSID is being broadcast.

   Table Methods imported from SNMP::Info::Layer2
       See documentation in "TABLE METHODS" in SNMP::Info::Layer2 for details.

   Table Methods imported from SNMP::Info::Entity
       See documentation in "TABLE METHODS" in SNMP::Info::Entity for details.

   Table Methods imported from SNMP::Info::EtherLike
       See documentation in "TABLE METHODS" in SNMP::Info::EtherLike for details.

Data Munging Callback Subroutines
       $aironet->munge_cd11_txrate()
	   Converts units of half a megabit to human readable string.

perl v5.12.4							    2011-09-28						Info::Layer2::Aironet(3pm)