S-319: Cisco Intrusion Prevention System Vulnerability
Cisco Intrusion Prevention System (IPS) platforms that have gigabit network interfaces installed and are deployed in inline mode contain a denial of service vulenrability in the handling of jumbo Ethernet frames. This vulnerability may lead to a kernel panic that requires a power cycle to recover platform operaiton. The risk is MEDIUM. Successful exploitation of the vulnerability may result in a network denial of service condition. A power cycle is required to recover operations. An attacker may be able to evade access controls and detection of malicious activity int he case of Cisco IPS 4260-4270 platforms that have hardware bypass configured to pass traffic in the event of a kernel panic.
rancid(1) General Commands Manual rancid(1)NAME
rancid - Cisco configuration filter
SYNOPSIS
rancid [-dlV] (-f filename | hostname)
DESCRIPTION
rancid is a perl(1) script which uses the login scripts (see clogin(1)) to login to a device, execute commands to display the
configuration, etc, then filters the output for formatting, security, and so on. rancid's product is a file with the name of it's last
argument plus the suffix .new. For example, hostname.new.
There are complementary scripts for other platforms and/or manufacturers that are supported by rancid(1). Briefly, these are:
agmrancid Cisco Anomaly Guard Module (AGM)
arancid Alteon WebOS switches
arrancid Arista Networks devices
brancid Bay Networks (nortel)
cat5rancid Cisco catalyst switches
cssrancid Cisco content services switches
erancid ADC-kentrox EZ-T3 mux
f10rancid Force10
f5rancid F5 BigIPs
fnrancid Fortinet Firewalls
francid Foundry and HP procurve OEMs of Foundry
hrancid HP Procurve Switches
htranicd Hitachi Routers
jerancid Juniper Networks E-series
jrancid Juniper Networks
mrancid MRTd
mrvrancid MRV optical switches
mtrancid Mikrotik routesrs
nrancid Netscreen firewalls
nsrancid Netscaler
nxrancid Cisco Nexus boxes
prancid Procket Networks
rivrancid Riverstone
rrancid Redback
srancid SMC switch (some Dell OEMs)
trancid Netopia sDSL/T1 routers
tntrancid Lucent TNT
xrancid Extreme switches
xrrancid Cisco IOS-XR boxes
zrancid Zebra routing software
The command-line options are as follows:
-V Prints package name and version strings.
-d Display debugging information.
-l Display somewhat less debugging information.
-f rancid should interpret the next argument as a filename which contains the output it would normally collect from the device (
hostname) with clogin(1).
SEE ALSO control_rancid(1), clogin(1), rancid.conf(5)CAVEATS
Cisco IOS offers a DHCP server that maintains a text database which can be stored remotely or on local storage. If stored locally, the
file changes constantly and causes constant diffs from rancid. If this file's name ('ip dhcp database') matches the regex
dhcp_[^[:space:].].txt, it will be filtered.
For Catalyst switches running CatOS, type cat5, the prompt must end with '>'. clogin(1) looks for '>' to determine when a login is
successful. For example:
cat5k>
cat5k> enable
Password:
cat5k> (enable)
rancid works on Cisco Catalyst 1900 series switches that are running Enterprise Edition software. This software provides a menu at
connection time that allows a command line interface to be used by entering 'K' at the prompt.
26 April 2011 rancid(1)