« Home | You never know... » | Hackacon 2008 » | Vtiger CRM Exploit ( 0-day ) » | The real reason... » | Defcon in the Philippines » | Free mobile yahoo » | New version of metasploit released » | Dotproject Exploit ( 0day ) » | Pangasinan State University's Xsystem 2007 » | HSBC Security Device »

Obviously backdoored

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1157
http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml

"CiscoWorks IPM is a troubleshooting application that gauges network response time and availability. It is available as a component within the CiscoWorks LAN Management Solution (LMS) bundle. IPM version 2.6 for Solaris and Windows contains a process that causes a command shell to automatically be bound to a randomly selected TCP port. Remote, unauthenticated users are able to connect to the open port and execute arbitrary commands with casuser privileges on Solaris systems and with SYSTEM privileges on Windows systems."


App na naggagauge ng network time magbubukas ng bindhsell!? Ayusin mo, Cisco!