A pretty big flaw has been released under CVE-2016-5195: it allows a privilege escalation attack in the Linux kernel and has been there since 2007. The conditions are almost impossible to reach in normal operation, but some programs have been released that force those conditions by using two threads.
To reproduce it:
1. Download the dirtyc0w.c file from https://github.com/dirtycow/dirtycow.github.io
2. Compile it using gcc for example:
gcc -pthread dirtyc0w.c -o dirtyc0w
3. Use it as follows:
./dirtyc0w <file_to_modify> <new_file_content>
4. Obviously, thanks to Dirty Cow, <file_to_modify> can be a file that the user does not have permission to modify, including root files!
The flaw works by writing the new content to memory, so you cannot write content longer than the original size. If you attempt to write "123456" to a file containing "456", it will write "123".
I recently installed Ubuntu 12.04.1 LTS on one of my servers running Windows Server 2008 R2. Following a reboot, the BIOS was stuck with an error message indicating that no valid media was inserted that allowed it to boot.
I verified and re-verified the boot order: no problem, the hard drive was indeed detected and first in the boot order. I put back the DVD reader and started the server with the Ubuntu Live CD.
By mounting the partition, I then noticed that the recently installed Ubuntu was indeed there and well installed.
The issue was with GRUB. To repair it using Boot Repair from the Ubuntu Live CD:
- Connect to the internet.
- Open a terminal, add the repository and install boot-repair.
- Then start Boot Repair and choose "Recommended repair".
- Remove the Live CD and reboot the computer; it will start correctly from the hard drive.
After pausing or stopping a virtual machine, the following message may pop up:
If that is the case, you can get rid of this error by deleting the folder <vm_name>.lck located where the virtual machine is stored.
Then the virtual machine should start successfully.
Receiving error: 500.19 0x8007007e
"The requested page cannot be accessed because the related configuration data for the page is invalid."
To fix this error do the following:
Open a command prompt.
If you need to re-enable it:
After modifying the configuration of a Cisco device (router/switch), the device's configuration service may activate. This service generates TFTP (Trivial File Transfer Protocol) broadcast requests on all interfaces of the device, looking for a configuration on the network. It generates the following log messages on the device:
- %Error opening tftp://255.255.255.255/network-confg
- %Error opening tftp://255.255.255.255/cisconet.cfg
- %Error opening tftp://255.255.255.255/3620-confg
- %Error opening tftp://255.255.255.255/3620.cfg
This service can be annoying if you have a TFTP server running on your network, as that server will try to reply to those requests; moreover, it slows down the device's boot time, as the device waits for the requests to be answered or to time out before it finishes booting.
To disable that service use the following commands:
Source: Cisco official related page
If you have deleted the IOS in memory from a Cisco router and rebooted the router, it will start in ROMmon (ROM Monitor) mode.
Once you get the ROMmon prompt, you will have to set some variables to be able to run an IOS transfer from a TFTP server:
Once completed, use the "reset" command to reboot the router. You can then make sure the IOS has been correctly transferred to flash memory using the following command:
This tutorial demonstrates a potential looping risk introduced by BPDU filter.
Below is the lab architecture that will be used, which includes 2 Cisco Catalyst 2950 switches.
Below are the interesting parts of both switches' configurations:
We see that the following configuration has been applied to F0/44 on sw01:
That configuration will actually prevent the switches from detecting the loop, as BPDUs will no longer be sent or received on F0/44.
When pinging, the switch sends a broadcast ARP request to find the MAC address associated with the IP address. Yet, because of the BPDU filtering applied to F0/44 of sw01, that broadcast will loop indefinitely between sw01 and sw02.
Below are the results of several show interface f0/44 commands; we note that traffic increases constantly on input and output (see input/output rate, Received X broadcasts):
That problem can be fixed in several ways:
- Shutdown/no shutdown of the port (yet if the configuration and cabling remain the same, the issue will quickly recur)
- Removing the loop by shutting down the port or unplugging the cable permanently
- Changing the spanning tree configuration (especially BPDU filter)
- Applying a storm-control configuration
The rest of this post focuses on the last solution: applying a storm-control configuration.
Storm-control lets you define a limit, in PPS (Packets Per Second) or as a percentage, along with an associated action to apply if the threshold is reached (send an alarm or shut down the port). Here we will shut down the port to remove the loop.
Storm-control is applied on a per-interface basis and must define a packet type (unicast, multicast, broadcast), a threshold at which an alarm is raised and a threshold at which the switch considers that traffic is back to normal. Below is shown how storm-control is applied, then a ping is started, thus generating a broadcast (once again due to the ARP request generated by the switch in order to find the MAC address associated with the IP address); finally, show storm-control broadcast shows storm-control's activity:
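The rising/falling threshold logic described above, sketched in Python as an added example (it is not the original post's configuration or output, and it goes beyond the lab by deriving PPS from successive "Received X broadcasts" counters). The sample counters, the function names and the 1000/500 PPS thresholds are constructed assumptions.

```python
import re

# Constructed samples (not from the original page): (seconds elapsed, excerpt
# of "show interface f0/44") captured while the ARP broadcast is looping.
SNAPSHOTS = [
    (0, "     Received 1200 broadcasts (0 multicast)"),
    (10, "     Received 1250 broadcasts (0 multicast)"),
    (20, "     Received 451250 broadcasts (0 multicast)"),
    (30, "     Received 1351250 broadcasts (0 multicast)"),
]
BCAST_RE = re.compile(r"Received (\d+) broadcasts")


def broadcast_rates(snapshots):
    """Turn cumulative 'Received X broadcasts' counters into (time, pps) pairs."""
    counters = []
    for t, text in snapshots:
        m = BCAST_RE.search(text)
        if m:  # skip excerpts that lack the counter line
            counters.append((t, int(m.group(1))))
    rates = []
    for (t0, c0), (t1, c1) in zip(counters, counters[1:]):
        if t1 > t0 and c1 >= c0:  # ignore counter resets and bad timestamps
            rates.append((t1, (c1 - c0) / (t1 - t0)))
    return rates


def storm_control(rates, rising_pps, falling_pps, action="shutdown"):
    """Apply rising/falling thresholds; return a list of (time, event)."""
    events, in_storm = [], False
    for t, pps in rates:
        if not in_storm and pps >= rising_pps:
            in_storm = True
            events.append((t, "storm-detected"))
            if action == "shutdown":
                events.append((t, "port-shutdown"))
                break  # port is down: the loop is cut, nothing more to count
        elif in_storm and pps < falling_pps:
            in_storm = False
            events.append((t, "storm-cleared"))
    return events


if __name__ == "__main__":
    rates = broadcast_rates(SNAPSHOTS)
    print(rates)
    print(storm_control(rates, rising_pps=1000, falling_pps=500))
```

With an alarm-only action the storm is only cleared once the rate drops below the falling threshold, which never happens while the loop is still cabled; that is why the shutdown action is the one that removes the loop.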
Instead of copy/pasting its content, I am linking here to a very useful post I found on Cisco's support forum about the naming convention of Cisco's Access Point images: >> link here <<
If you need to call a URL from a Cisco router (example: call a Web Service which will send an email...) as you would do using wget on a UNIX or Windows computer, here are two ways of doing it:
1. Using an IP SLA
The http-raw-request section allows you to add HTTP headers if needed: for example, the "Authorization:" header allows the router to authenticate to the web page. That header is followed by the authentication type (here "Basic") and the string "username:password" encoded in Base64, which gives YWRtaW46cGFzc3dvcmQ= for admin:password.
You can then start the SLA using ip sla schedule 10...
2. Using a TCL script
The same kind of request can be created using a TCL script (saved in the router's flash memory, for example) and then called directly from the CLI with tclsh flash:script.tcl arg1 arg2 arg3 ...
Here is an example of TCL script saved in flash:
Here are a couple of comments on that script:
- Many TCL script examples will tell you to add the reference to http this way:
Yet, Cisco stores libraries in "tmpsys:lib/tcl/", hence the following command:
- To add HTTP headers you have to add the -headers parameter, which is then followed by headers formatted this way:
So you should always have an even number of strings after the -headers parameter. If a header requires a value with spaces in it, you have to escape " using \".
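The Base64 string in an "Authorization: Basic" header decodes straight back to username:password, so any saved configuration or flash script containing it exposes the password. The added example below (not code from the original post) audits text for such headers in both the IP SLA http-raw-request form and the Tcl -headers form; the sample config (including its assumed IOS syntax), the sample script and the function names are constructed assumptions.

```python
import base64
import re

# Constructed samples (not from the original page): an IP SLA raw request and
# a Tcl -headers list, both carrying the page's admin:password example.
SAMPLE_IOS_CONFIG = r"""ip sla 10
 http raw http://192.0.2.10/notify
  http-raw-request
   GET /notify HTTP/1.0\r\n
   Authorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n
   \r\n
"""
SAMPLE_TCL_SCRIPT = r'''set url http://192.0.2.10/notify
set tok [::http::geturl $url -headers "Authorization \"Basic YWRtaW46cGFzc3dvcmQ=\""]
'''

# Matches 'Authorization: Basic <b64>' (raw HTTP) and
# 'Authorization \"Basic <b64>\"' (Tcl name/value list).
BASIC_RE = re.compile(r'Authorization:?\s+\\?"?Basic\s+([A-Za-z0-9+/]+={0,2})')


def basic_auth_value(username, password):
    """Build the value placed after 'Authorization:' for Basic authentication."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def find_basic_credentials(text):
    """Return (line_no, username, password) for every decodable Basic header."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for token in BASIC_RE.findall(line):
            try:
                decoded = base64.b64decode(token, validate=True).decode("utf-8")
            except (ValueError, UnicodeDecodeError):
                continue  # not a decodable credential, skip it
            user, sep, password = decoded.partition(":")
            if sep:  # credentials are "user:password", split on the first ':'
                findings.append((line_no, user, password))
    return findings


if __name__ == "__main__":
    print(basic_auth_value("admin", "password"))
    for name, blob in (("ios", SAMPLE_IOS_CONFIG), ("tcl", SAMPLE_TCL_SCRIPT)):
        for line_no, user, _ in find_basic_credentials(blob):
            print(f"{name}:{line_no}: recoverable password for user {user!r}")
```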