A while back someone mentioned they needed certificates, like Cisco etc. had, to get OpenBSD used by their organisation. Well, they're certainly certified now, lunatics that is.
I didn't have a great opinion of Cisco, but this went from funny to more than a joke. A big thank you to OpenBSD's no-shit attitude and for making the world a better place on so many levels.

Begin forwarded message:

Date: Wed, 25 May 2011 10:26:13 -0500
Subject: [osvdb] Cisco Security Advisory: Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities

Details
=======

The Cisco RVS4000 and WRVS4400N Gigabit Security Routers deliver high-speed network access and IPsec VPN capabilities for small businesses. They also provide firewall and intrusion prevention capabilities.

The Cisco RVS4000 and WRVS4400N Gigabit Security Routers contain three web management interface vulnerabilities:

* Retrieval of the configuration file

  If an administrator of the device has previously created a backup of the configuration, using Administration --> Backup & Restore --> Backup, it is possible for a remote unauthenticated user to access the backup configuration file. This file contains all configuration parameters of the device, including the HTTP authentication password and VPN pre-shared-keys (PSKs).

* Root operating system arbitrary command injection by an authenticated attacker

  A user who is authenticated to the device can inject arbitrary commands into the underlying operating system with root privileges, via the ping test and traceroute test parameters.

* Retrieval of admin SSL certificate private key

  The admin SSL certificate private and public keys can be retrieved (used for Quick VPN) by a remote unauthenticated user.

+------------------------------------------------------------+
| Affected | Availability of First Fixed Release             |
| Product  |                                                 |
|          | 2011.                                           |
|          | 2011.                                           |
|          | 2011.                                           |
+------------------------------------------------------------+
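The second issue in the forwarded advisory, command injection through the ping test and traceroute test parameters, is the kind of bug that allow-list validation plus shell-free execution prevents. The following is an added example, not code from the advisory, Cisco or the original post; it assumes a handler that receives the target as a string, and the function names `is_safe_target` and `build_ping_argv` are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_TARGET_LEN 253  /* longest valid DNS name */

/* Return 1 if s contains only characters found in a hostname, IPv4 or IPv6
 * literal. Allow-list: letters, digits, '.', '-', ':'. A leading '-' is
 * refused so the value can never be read as an option by the receiving tool. */
int is_safe_target(const char *s)
{
    size_t len;

    if (s == NULL)
        return 0;
    len = strlen(s);
    if (len == 0 || len > MAX_TARGET_LEN || s[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '-' && c != ':')
            return 0;
    }
    return 1;
}

/* Fill argv for an execv-style call: each element is exactly one argument,
 * so no shell ever parses the user-supplied value. Returns argc, or -1 when
 * the target is rejected or argv has fewer than 5 slots. */
int build_ping_argv(const char *target, const char *argv[], size_t cap)
{
    if (cap < 5 || !is_safe_target(target))
        return -1;
    argv[0] = "ping";
    argv[1] = "-c";
    argv[2] = "4";
    argv[3] = target;
    argv[4] = NULL;
    return 4;
}

int main(void)
{
    const char *argv[5];
    /* Constructed sample inputs, not taken from the advisory. */
    int ok  = build_ping_argv("192.0.2.10", argv, 5);
    int bad = build_ping_argv("192.0.2.10;id", argv, 5);
    return (ok == 4 && bad == -1) ? 0 : 1;
}
```

The same check applies unchanged to a traceroute target; the point is that the value is validated before use and handed over as a single argv element rather than spliced into a command string.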