A while back someone mentioned they needed certificates like Cisco etc.
had to get OpenBSD used by their organisation. Well they're certainly
certified now, lunatics that is.

I didn't have a great opinion of Cisco but this went from funny to more
than a joke.

A big thank you to OpenBSD's no shit attitude and for making the world a
better place on so many levels.


Begin forwarded message:

Date: Wed, 25 May 2011 10:26:13 -0500
Subject: [osvdb] Cisco Security Advisory: Cisco RVS4000 and WRVS4400N
Web Management Interface Vulnerabilities


Details
=======

The Cisco RVS4000 and WRVS4400N Gigabit Security Routers deliver
high-speed network access and IPsec VPN capabilities for small
businesses. They also provide firewall and intrusion prevention
capabilities.

The Cisco RVS4000 and WRVS4400N Gigabit Security Routers contain
three web management interface vulnerabilities:

  * Retrieval of the configuration file
    If an administrator of the device has previously created a backup
    of the configuration, using Administration --> Backup & Restore
    --> Backup, it is possible for a remote unauthenticated user to
    access the backup configuration file. This file contains all
    configuration parameters of the device, including the HTTP
    authentication password and VPN pre-shared-keys (PSKs).

  * Root operating system arbitrary command injection by an
    authenticated attacker
    A user who is authenticated to the device can inject arbitrary
    commands into the underlying operating system with root
    privileges, via the ping test and traceroute test parameters.

  * Retrieval of admin SSL certificate private key
    The admin SSL certificate private and public keys can be
    retrieved (used for Quick VPN) by a remote unauthenticated user.


+------------------------------------------------------------+
|    Affected    |    Availability of First Fixed Release    |
|    Product     |                                           |
|                | 2011.                                     |
|                | 2011.                                     |
|                | 2011.                                     |
+------------------------------------------------------------+
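The second item in the advisory (root command injection through the ping and traceroute test parameters) is the classic pattern of a web handler pasting a user-supplied value into a shell command string. The following is an added example, not code from the advisory, from Cisco, or from the router firmware: a constructed diagnostic handler in its injectable form next to a hardened version that validates the target and builds an argv list so no shell is ever involved. The function names, the regex and the sample targets are all assumptions made for the example.

```python
import ipaddress
import re

# Constructed example (not Cisco code): a router "ping test" handler of the
# kind the advisory describes, shown in the vulnerable form and then hardened.

# RFC 1123-style hostname: labels of 1-63 chars, no leading/trailing '-',
# total length <= 253. Anything else (spaces, ';', '|', '`', '$(') is rejected.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)

# Characters a POSIX shell treats specially; their presence in a command
# string built from untrusted input is the injection condition.
SHELL_METACHARS_RE = re.compile(r"[;&|`$(){}<>\n\"'\\]")


def unsafe_ping_command(target: str) -> str:
    """Vulnerable pattern: the form field is interpolated straight into a
    string that is later handed to a shell. On an embedded router the web
    server usually runs as root, so the injected command does too."""
    return f"ping -c 4 {target}"


def contains_shell_metachars(command: str) -> bool:
    """Cheap check a code reviewer or a log scanner can apply to a command
    string: True when a shell would interpret part of it as more than an
    argument to ping."""
    return SHELL_METACHARS_RE.search(command) is not None


def validate_target(target: str) -> str:
    """Accept only an IPv4/IPv6 literal or a syntactically valid hostname.
    Raises ValueError for anything else."""
    target = target.strip()
    try:
        # ipaddress normalises the literal and rejects trailing junk.
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if HOSTNAME_RE.match(target):
        return target
    raise ValueError(f"rejected diagnostic target: {target!r}")


def safe_ping_argv(target: str) -> list[str]:
    """Hardened form: validate first, then return an argv list to be run with
    subprocess.run(argv, shell=False). With no shell in the path there is
    nothing for a metacharacter to do, and validation rejects it anyway."""
    host = validate_target(target)
    # '--' ends option parsing so a value can never be read as a ping flag.
    return ["ping", "-c", "4", "--", host]


def accepts_target(target: str) -> bool:
    """Convenience predicate: does the hardened handler accept this value?"""
    try:
        safe_ping_argv(target)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: two legitimate targets and one injection attempt.
    for sample in ("192.0.2.1", "router.example.net", "192.0.2.1; echo injected"):
        cmd = unsafe_ping_command(sample)
        print(f"{sample!r}: shell metachars in unsafe command = "
              f"{contains_shell_metachars(cmd)}, hardened accepts = {accepts_target(sample)}")
```

The same validate-then-argv approach applies unchanged to the traceroute test parameter the advisory also names; the point is that the fix is structural (no shell, strict allowlist on the operand) rather than a blocklist of characters, and `contains_shell_metachars` is only there to make the unsafe form's failure visible.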
