SlideShare a Scribd company logo

Owning NX-OS - t2 2010

B
blh42

George Hedfors is an IT and information security consultant who has discovered several vulnerabilities in Cisco's NX-OS operating system. He found exploitable vulnerabilities by extracting files from Cisco installation packages and digging into the underlying Linux-based system. Some of the vulnerabilities he uncovered included undocumented CLI commands, a CLI escape mechanism, and an undocumented user account with a default password.

EducationTechnology
1 of 19
George Hedfors • Working for Cybercom Sweden East AB (http://www.cybercomgroup.com) • 12 years as IT- and information security consultant – Previously worked for iX Security, Defcom, NetSec, n.runs and Pinion Contact george.hedfors@cybercomgroup.com Web page http://george.hedfors.com Owning the data centre, Cisco NX-OS 2010-09-28 T2 20101
• Short intro to Cisco NX-OS • History of research • Overview of underlying Linux • Disclosure of vulnerabilities – Undocumented CLi commands – Command line interface escape – Layer 2 attack – Undocumented user account – 2nd CLi escape (delayed) – IDDQD… • FAQ Topics 2010-09-28 T22
• Based on MontaVista (http://www.mvista.com)embedded Linux with kernel 2.6.10 • VDC Virtualization, Virtual Device Context What is NX-OS? 2010-09-28 T2 20103 Nexus 4000 (for IBM BladeCenter) Nexus 5000 Nexus 7000 MDS 9500 FC Directors MDS 9222i FC Switch MDS 9100 FC Switches
• Accidentally made a Cisco-7020 fall over due to an 9 years old denial of service attack • Was able to recover CORE dumps from the attack • Able to extract all files from the Cisco .bin installation package • Found a number of exploitable vulnerabilities To do • Dig deeper into Cisco VDC/VRF security What has been done 2010-09-28 T24
Typical environment • Banking/finance • Other large data centers Impact • Full exposure of interconnected networks and VLAN’s • Possibility to eavesdrop and traffic modification • Switch based rootkit installation? Cisco 7000-series 2010-09-28 T25
Overview 2010-09-28 T26
Teh Linux 2010-09-28 T27
DC3 Shell ‘the regular Cisco cli’ • Configurations contain ‘hidden’ commands Hidden commands 2010-09-28 T28
Escaping CLi 2010-09-28 T29
How could that happened?! 2010-09-28 T210
Br0ken architecture 2010-07-06 Company presentation11 Everything is running as root Everyone can execute with SUDO Even binaries execute using SUDO..
Cisco Discovery Protocol (CDP) • 2001, FX crafted the first CDP DoS attack • 2010, the CDP attack was rediscovered in NX-OS What about layer 2? 2010-09-28 T212 • CDP has become demonized and is now running under the ‘root’ user context
The core dump 2010-09-28 T213
So, where ‘ftpuser’ come from? Default user? Backdoor? Easter egg? Recovered password ‘nbv123’ Undocumented user account 2010-09-28 T214
Searching for ‘nbv123’ 2010-09-28 T215
IDDQD? God Mode!! 2010-09-28 T216
• CSCti03724 – CLI escape in NX-OS using GDB – Workaround: None – Fixed in NX-OS 4.1(4) • CSCti04026 – Undocumented user available with default password on NX-OS system – Workaround: None • CSCtf08873 – CDP with long hostname crashes CDPD on N7k – Workaround: Disable CDP • CSCti85295 – NX-OS: SUDO privilege escalation – Workaround: None Bug tracking 2010-09-28 T217
Special thanks to Juan-Manuel Gonzales, PSIRT Incident Manager <juagonza@cisco.com> Thanks 2010-09-28 T218
Questions? Contact george.hedfors@cybercomgroup.com FAQ 2010-09-28 T219

Recommended

Owning nx os-sec-t_2010
Owning nx os-sec-t_2010Owning nx os-sec-t_2010
Owning nx os-sec-t_2010blh42
 
Puppet for Production in WebEx - PuppetConf 2013
Puppet for Production in WebEx - PuppetConf 2013Puppet for Production in WebEx - PuppetConf 2013
Puppet for Production in WebEx - PuppetConf 2013Puppet
 
HWallet: The simplest Bitcoin hardware wallet
HWallet: The simplest Bitcoin hardware walletHWallet: The simplest Bitcoin hardware wallet
HWallet: The simplest Bitcoin hardware walletNemanja Nikodijević
 
Debunking VMware NSX
Debunking VMware NSXDebunking VMware NSX
Debunking VMware NSXAndrea Mauro
 
Security Onion: peeling back the layers of your network in minutes
Security Onion: peeling back the layers of your network in minutesSecurity Onion: peeling back the layers of your network in minutes
Security Onion: peeling back the layers of your network in minutesbsidesaugusta
 
MidoNet Trouble Shooting – OpenStack最新情報セミナー 2015年4月
MidoNet Trouble Shooting – OpenStack最新情報セミナー 2015年4月MidoNet Trouble Shooting – OpenStack最新情報セミナー 2015年4月
MidoNet Trouble Shooting – OpenStack最新情報セミナー 2015年4月VirtualTech Japan Inc.
 
OpenStack Introduction
OpenStack IntroductionOpenStack Introduction
OpenStack IntroductionRoozbeh Shafiee
 
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...LinuxCon ContainerCon CloudOpen China
 

Recommended

Owning nx os-sec-t_2010
Owning nx os-sec-t_2010Owning nx os-sec-t_2010
Owning nx os-sec-t_2010blh42
 
Puppet for Production in WebEx - PuppetConf 2013
Puppet for Production in WebEx - PuppetConf 2013Puppet for Production in WebEx - PuppetConf 2013
Puppet for Production in WebEx - PuppetConf 2013Puppet
 
HWallet: The simplest Bitcoin hardware wallet
HWallet: The simplest Bitcoin hardware walletHWallet: The simplest Bitcoin hardware wallet
HWallet: The simplest Bitcoin hardware walletNemanja Nikodijević
 
Debunking VMware NSX
Debunking VMware NSXDebunking VMware NSX
Debunking VMware NSXAndrea Mauro
 
Security Onion: peeling back the layers of your network in minutes
Security Onion: peeling back the layers of your network in minutesSecurity Onion: peeling back the layers of your network in minutes
Security Onion: peeling back the layers of your network in minutesbsidesaugusta
 
MidoNet Trouble Shooting – OpenStack最新情報セミナー 2015年4月
MidoNet Trouble Shooting – OpenStack最新情報セミナー 2015年4月MidoNet Trouble Shooting – OpenStack最新情報セミナー 2015年4月
MidoNet Trouble Shooting – OpenStack最新情報セミナー 2015年4月VirtualTech Japan Inc.
 
OpenStack Introduction
OpenStack IntroductionOpenStack Introduction
OpenStack IntroductionRoozbeh Shafiee
 
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...LinuxCon ContainerCon CloudOpen China
 
Модель Портера - Лоулера
Модель Портера - ЛоулераМодель Портера - Лоулера
Модель Портера - ЛоулераArtem Mazaev
 
2016 Wimbledon Hospitality Brochure
2016 Wimbledon Hospitality Brochure2016 Wimbledon Hospitality Brochure
2016 Wimbledon Hospitality BrochureDuncan Morris
 
Conf-Sessions
Conf-SessionsConf-Sessions
Conf-SessionsHamdi Kandil
 
Metamorfosis en Colombia
Metamorfosis en ColombiaMetamorfosis en Colombia
Metamorfosis en ColombiaRollef
 
Teste
TesteTeste
TesteCIJorg
 
Khurram Mahmood Gondal 6-7-2014
Khurram Mahmood Gondal 6-7-2014Khurram Mahmood Gondal 6-7-2014
Khurram Mahmood Gondal 6-7-2014khurram gondal
 
Acoso psicologico en el trabajo
Acoso psicologico en el trabajoAcoso psicologico en el trabajo
Acoso psicologico en el trabajoColegio de Medicos del Guayas
 
Resume 2016
Resume 2016Resume 2016
Resume 2016Philip Mills-Lutterodt
 
Northern Tier Discussion Deck Presentation
Northern Tier Discussion Deck PresentationNorthern Tier Discussion Deck Presentation
Northern Tier Discussion Deck PresentationModicum
 
Enciclopedia de Ejercicios de Estiramientos
Enciclopedia de Ejercicios de Estiramientos Enciclopedia de Ejercicios de Estiramientos
Enciclopedia de Ejercicios de Estiramientos Rollef
 
Arthur Lawrence Corporate Overview
Arthur Lawrence Corporate OverviewArthur Lawrence Corporate Overview
Arthur Lawrence Corporate OverviewModicum
 
Molekule Pharmaceuticals Marketing Suite Presentation
Molekule Pharmaceuticals Marketing Suite PresentationMolekule Pharmaceuticals Marketing Suite Presentation
Molekule Pharmaceuticals Marketing Suite PresentationModicum
 
Traverse Survey Part 1/2
Traverse Survey Part 1/2Traverse Survey Part 1/2
Traverse Survey Part 1/2Muhammad Zubair
 
Слайды к конференции "Маркетинг Финансовых Услуг" 24.06.10
Слайды к конференции "Маркетинг Финансовых Услуг" 24.06.10Слайды к конференции "Маркетинг Финансовых Услуг" 24.06.10
Слайды к конференции "Маркетинг Финансовых Услуг" 24.06.10Mikhail Grafsky
 
UX STRAT USA: Calvin Robertson, "Enterprise UX at the Federal Reserve Bank"
UX STRAT USA: Calvin Robertson, "Enterprise UX at the Federal Reserve Bank"UX STRAT USA: Calvin Robertson, "Enterprise UX at the Federal Reserve Bank"
UX STRAT USA: Calvin Robertson, "Enterprise UX at the Federal Reserve Bank"UX STRAT
 
Mirantis OpenStack-DC-Meetup 17 Sept 2014
Mirantis OpenStack-DC-Meetup 17 Sept 2014Mirantis OpenStack-DC-Meetup 17 Sept 2014
Mirantis OpenStack-DC-Meetup 17 Sept 2014Mirantis
 
Episode 2 Installation Triton Slides
Episode 2 Installation Triton SlidesEpisode 2 Installation Triton Slides
Episode 2 Installation Triton SlidesLaura Hood
 
Presentation deploying cloud based services
Presentation deploying cloud based servicesPresentation deploying cloud based services
Presentation deploying cloud based servicesxKinAnx
 
CELC_Цифровые медиа и Физическая безопасность
CELC_Цифровые медиа и Физическая безопасностьCELC_Цифровые медиа и Физическая безопасность
CELC_Цифровые медиа и Физическая безопасностьCisco Russia
 
Webinar: Faster, Smarter, Simpler – The New Requirements in Storage Networking
Webinar: Faster, Smarter, Simpler – The New Requirements in Storage NetworkingWebinar: Faster, Smarter, Simpler – The New Requirements in Storage Networking
Webinar: Faster, Smarter, Simpler – The New Requirements in Storage NetworkingStorage Switzerland
 
Protegendo sua cloud
Protegendo sua cloud Protegendo sua cloud
Protegendo sua cloud Cisco do Brasil
 
Presentation data center partner technical
Presentation data center partner technicalPresentation data center partner technical
Presentation data center partner technicalxKinAnx
 

More Related Content

Viewers also liked

Модель Портера - Лоулера
Модель Портера - ЛоулераМодель Портера - Лоулера
Модель Портера - ЛоулераArtem Mazaev
 
2016 Wimbledon Hospitality Brochure
2016 Wimbledon Hospitality Brochure2016 Wimbledon Hospitality Brochure
2016 Wimbledon Hospitality BrochureDuncan Morris
 
Metamorfosis en Colombia
Metamorfosis en ColombiaMetamorfosis en Colombia
Metamorfosis en ColombiaRollef
 
Khurram Mahmood Gondal 6-7-2014
Khurram Mahmood Gondal 6-7-2014Khurram Mahmood Gondal 6-7-2014
Khurram Mahmood Gondal 6-7-2014khurram gondal
 
Northern Tier Discussion Deck Presentation
Northern Tier Discussion Deck PresentationNorthern Tier Discussion Deck Presentation
Northern Tier Discussion Deck PresentationModicum
 
Enciclopedia de Ejercicios de Estiramientos
Enciclopedia de Ejercicios de Estiramientos Enciclopedia de Ejercicios de Estiramientos
Enciclopedia de Ejercicios de Estiramientos Rollef
 
Arthur Lawrence Corporate Overview
Arthur Lawrence Corporate OverviewArthur Lawrence Corporate Overview
Arthur Lawrence Corporate OverviewModicum
 
Molekule Pharmaceuticals Marketing Suite Presentation
Molekule Pharmaceuticals Marketing Suite PresentationMolekule Pharmaceuticals Marketing Suite Presentation
Molekule Pharmaceuticals Marketing Suite PresentationModicum
 
Traverse Survey Part 1/2
Traverse Survey Part 1/2Traverse Survey Part 1/2
Traverse Survey Part 1/2Muhammad Zubair
 
Слайды к конференции "Маркетинг Финансовых Услуг" 24.06.10
Слайды к конференции "Маркетинг Финансовых Услуг" 24.06.10Слайды к конференции "Маркетинг Финансовых Услуг" 24.06.10
Слайды к конференции "Маркетинг Финансовых Услуг" 24.06.10Mikhail Grafsky
 
UX STRAT USA: Calvin Robertson, "Enterprise UX at the Federal Reserve Bank"
UX STRAT USA: Calvin Robertson, "Enterprise UX at the Federal Reserve Bank"UX STRAT USA: Calvin Robertson, "Enterprise UX at the Federal Reserve Bank"
UX STRAT USA: Calvin Robertson, "Enterprise UX at the Federal Reserve Bank"UX STRAT
 

Viewers also liked (15)

Модель Портера - Лоулера
Модель Портера - ЛоулераМодель Портера - Лоулера
Модель Портера - Лоулера
 
2016 Wimbledon Hospitality Brochure
2016 Wimbledon Hospitality Brochure2016 Wimbledon Hospitality Brochure
2016 Wimbledon Hospitality Brochure
 
Conf-Sessions
Conf-SessionsConf-Sessions
Conf-Sessions
 
Metamorfosis en Colombia
Metamorfosis en ColombiaMetamorfosis en Colombia
Metamorfosis en Colombia
 
Teste
TesteTeste
Teste
 
Khurram Mahmood Gondal 6-7-2014
Khurram Mahmood Gondal 6-7-2014Khurram Mahmood Gondal 6-7-2014
Khurram Mahmood Gondal 6-7-2014
 
Acoso psicologico en el trabajo
Acoso psicologico en el trabajoAcoso psicologico en el trabajo
Acoso psicologico en el trabajo
 
Resume 2016
Resume 2016Resume 2016
Resume 2016
 
Northern Tier Discussion Deck Presentation
Northern Tier Discussion Deck PresentationNorthern Tier Discussion Deck Presentation
Northern Tier Discussion Deck Presentation
 
Enciclopedia de Ejercicios de Estiramientos
Enciclopedia de Ejercicios de Estiramientos Enciclopedia de Ejercicios de Estiramientos
Enciclopedia de Ejercicios de Estiramientos
 
Arthur Lawrence Corporate Overview
Arthur Lawrence Corporate OverviewArthur Lawrence Corporate Overview
Arthur Lawrence Corporate Overview
 
Molekule Pharmaceuticals Marketing Suite Presentation
Molekule Pharmaceuticals Marketing Suite PresentationMolekule Pharmaceuticals Marketing Suite Presentation
Molekule Pharmaceuticals Marketing Suite Presentation
 
Traverse Survey Part 1/2
Traverse Survey Part 1/2Traverse Survey Part 1/2
Traverse Survey Part 1/2
 
Слайды к конференции "Маркетинг Финансовых Услуг" 24.06.10
Слайды к конференции "Маркетинг Финансовых Услуг" 24.06.10Слайды к конференции "Маркетинг Финансовых Услуг" 24.06.10
Слайды к конференции "Маркетинг Финансовых Услуг" 24.06.10
 
UX STRAT USA: Calvin Robertson, "Enterprise UX at the Federal Reserve Bank"
UX STRAT USA: Calvin Robertson, "Enterprise UX at the Federal Reserve Bank"UX STRAT USA: Calvin Robertson, "Enterprise UX at the Federal Reserve Bank"
UX STRAT USA: Calvin Robertson, "Enterprise UX at the Federal Reserve Bank"
 

Similar to Owning NX-OS - t2 2010

Mirantis OpenStack-DC-Meetup 17 Sept 2014
Mirantis OpenStack-DC-Meetup 17 Sept 2014Mirantis OpenStack-DC-Meetup 17 Sept 2014
Mirantis OpenStack-DC-Meetup 17 Sept 2014Mirantis
 
Episode 2 Installation Triton Slides
Episode 2 Installation Triton SlidesEpisode 2 Installation Triton Slides
Episode 2 Installation Triton SlidesLaura Hood
 
Presentation deploying cloud based services
Presentation deploying cloud based servicesPresentation deploying cloud based services
Presentation deploying cloud based servicesxKinAnx
 
CELC_Цифровые медиа и Физическая безопасность
CELC_Цифровые медиа и Физическая безопасностьCELC_Цифровые медиа и Физическая безопасность
CELC_Цифровые медиа и Физическая безопасностьCisco Russia
 
Webinar: Faster, Smarter, Simpler – The New Requirements in Storage Networking
Webinar: Faster, Smarter, Simpler – The New Requirements in Storage NetworkingWebinar: Faster, Smarter, Simpler – The New Requirements in Storage Networking
Webinar: Faster, Smarter, Simpler – The New Requirements in Storage NetworkingStorage Switzerland
 
Presentation data center partner technical
Presentation data center partner technicalPresentation data center partner technical
Presentation data center partner technicalxKinAnx
 
SDN for Network Operators
SDN for Network OperatorsSDN for Network Operators
SDN for Network OperatorsFIBRE Testbed
 
Docker Container Security - A Network View
Docker Container Security - A Network ViewDocker Container Security - A Network View
Docker Container Security - A Network ViewNeuVector
 
Presentation cloud computing and the internet
Presentation cloud computing and the internetPresentation cloud computing and the internet
Presentation cloud computing and the internetxKinAnx
 
Building the SD-Branch using uCPE
Building the SD-Branch using uCPEBuilding the SD-Branch using uCPE
Building the SD-Branch using uCPEMichelle Holley
 
数据中心网络研究:机遇与挑战
数据中心网络研究:机遇与挑战数据中心网络研究:机遇与挑战
数据中心网络研究:机遇与挑战Weiwei Fang
 
End-to-End Data Center Virtualization
End-to-End Data Center VirtualizationEnd-to-End Data Center Virtualization
End-to-End Data Center VirtualizationCisco Canada
 
Presentation capturing the cloud opportunity
Presentation capturing the cloud opportunityPresentation capturing the cloud opportunity
Presentation capturing the cloud opportunityxKinAnx
 
Apresentações | Jantar Exclusivo Cisco e Netapp | 27 de Junho de 2012 | Spett...
Apresentações | Jantar Exclusivo Cisco e Netapp | 27 de Junho de 2012 | Spett...Apresentações | Jantar Exclusivo Cisco e Netapp | 27 de Junho de 2012 | Spett...
Apresentações | Jantar Exclusivo Cisco e Netapp | 27 de Junho de 2012 | Spett...Softcorp
 
Market Trend And Korenix IIoT Vision - 2018
Market Trend And Korenix IIoT Vision - 2018Market Trend And Korenix IIoT Vision - 2018
Market Trend And Korenix IIoT Vision - 2018Jiunn-Jer Sun
 
Quick Introduction to OpenStack Neutron and SDN feat. MidoNet
Quick Introduction to OpenStack Neutron and SDN feat. MidoNetQuick Introduction to OpenStack Neutron and SDN feat. MidoNet
Quick Introduction to OpenStack Neutron and SDN feat. MidoNetSandro Mathys
 
vBrownBag OpenStack Networking Talk
vBrownBag OpenStack Networking TalkvBrownBag OpenStack Networking Talk
vBrownBag OpenStack Networking Talkmestery
 

Similar to Owning NX-OS - t2 2010 (20)

Mirantis OpenStack-DC-Meetup 17 Sept 2014
Mirantis OpenStack-DC-Meetup 17 Sept 2014Mirantis OpenStack-DC-Meetup 17 Sept 2014
Mirantis OpenStack-DC-Meetup 17 Sept 2014
 
Episode 2 Installation Triton Slides
Episode 2 Installation Triton SlidesEpisode 2 Installation Triton Slides
Episode 2 Installation Triton Slides
 
Presentation deploying cloud based services
Presentation deploying cloud based servicesPresentation deploying cloud based services
Presentation deploying cloud based services
 
CELC_Цифровые медиа и Физическая безопасность
CELC_Цифровые медиа и Физическая безопасностьCELC_Цифровые медиа и Физическая безопасность
CELC_Цифровые медиа и Физическая безопасность
 
Webinar: Faster, Smarter, Simpler – The New Requirements in Storage Networking
Webinar: Faster, Smarter, Simpler – The New Requirements in Storage NetworkingWebinar: Faster, Smarter, Simpler – The New Requirements in Storage Networking
Webinar: Faster, Smarter, Simpler – The New Requirements in Storage Networking
 
Protegendo sua cloud
Protegendo sua cloud Protegendo sua cloud
Protegendo sua cloud
 
Presentation data center partner technical
Presentation data center partner technicalPresentation data center partner technical
Presentation data center partner technical
 
SDN for Network Operators
SDN for Network OperatorsSDN for Network Operators
SDN for Network Operators
 
Building a Digital Telco
Building a Digital TelcoBuilding a Digital Telco
Building a Digital Telco
 
Mellanox's Technological Advantage
Mellanox's Technological AdvantageMellanox's Technological Advantage
Mellanox's Technological Advantage
 
Docker Container Security - A Network View
Docker Container Security - A Network ViewDocker Container Security - A Network View
Docker Container Security - A Network View
 
Presentation cloud computing and the internet
Presentation cloud computing and the internetPresentation cloud computing and the internet
Presentation cloud computing and the internet
 
Building the SD-Branch using uCPE
Building the SD-Branch using uCPEBuilding the SD-Branch using uCPE
Building the SD-Branch using uCPE
 
数据中心网络研究:机遇与挑战
数据中心网络研究:机遇与挑战数据中心网络研究:机遇与挑战
数据中心网络研究:机遇与挑战
 
End-to-End Data Center Virtualization
End-to-End Data Center VirtualizationEnd-to-End Data Center Virtualization
End-to-End Data Center Virtualization
 
Presentation capturing the cloud opportunity
Presentation capturing the cloud opportunityPresentation capturing the cloud opportunity
Presentation capturing the cloud opportunity
 
Apresentações | Jantar Exclusivo Cisco e Netapp | 27 de Junho de 2012 | Spett...
Apresentações | Jantar Exclusivo Cisco e Netapp | 27 de Junho de 2012 | Spett...Apresentações | Jantar Exclusivo Cisco e Netapp | 27 de Junho de 2012 | Spett...
Apresentações | Jantar Exclusivo Cisco e Netapp | 27 de Junho de 2012 | Spett...
 
Market Trend And Korenix IIoT Vision - 2018
Market Trend And Korenix IIoT Vision - 2018Market Trend And Korenix IIoT Vision - 2018
Market Trend And Korenix IIoT Vision - 2018
 
Quick Introduction to OpenStack Neutron and SDN feat. MidoNet
Quick Introduction to OpenStack Neutron and SDN feat. MidoNetQuick Introduction to OpenStack Neutron and SDN feat. MidoNet
Quick Introduction to OpenStack Neutron and SDN feat. MidoNet
 
vBrownBag OpenStack Networking Talk
vBrownBag OpenStack Networking TalkvBrownBag OpenStack Networking Talk
vBrownBag OpenStack Networking Talk
 

Recently uploaded

Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural ResourcesEnergy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural ResourcesShubhangi Sonawane
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPoojaSen20
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701bronxfugly43
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Shubhangi Sonawane
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIShubhangi Sonawane
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 

Recently uploaded (20)

Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural ResourcesEnergy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 

Owning NX-OS - t2 2010

  • 1. George Hedfors • Working for Cybercom Sweden East AB (http://www.cybercomgroup.com) • 12 years as IT- and information security consultant – Previously worked for iX Security, Defcom, NetSec, n.runs and Pinion Contact george.hedfors@cybercomgroup.com Web page http://george.hedfors.com Owning the data centre, Cisco NX-OS 2010-09-28 T2 20101
  • 2. • Short intro to Cisco NX-OS • History of research • Overview of underlying Linux • Disclosure of vulnerabilities – Undocumented CLi commands – Command line interface escape – Layer 2 attack – Undocumented user account – 2nd CLi escape (delayed) – IDDQD… • FAQ Topics 2010-09-28 T22
  • 3. • Based on MontaVista (http://www.mvista.com)embedded Linux with kernel 2.6.10 • VDC Virtualization, Virtual Device Context What is NX-OS? 2010-09-28 T2 20103 Nexus 4000 (for IBM BladeCenter) Nexus 5000 Nexus 7000 MDS 9500 FC Directors MDS 9222i FC Switch MDS 9100 FC Switches
  • 4. • Accidentally made a Cisco-7020 fall over due to an 9 years old denial of service attack • Was able to recover CORE dumps from the attack • Able to extract all files from the Cisco .bin installation package • Found a number of exploitable vulnerabilities To do • Dig deeper into Cisco VDC/VRF security What has been done 2010-09-28 T24
  • 5. Typical environment • Banking/finance • Other large data centers Impact • Full exposure of interconnected networks and VLAN’s • Possibility to eavesdrop and traffic modification • Switch based rootkit installation? Cisco 7000-series 2010-09-28 T25
  • 8. DC3 Shell ‘the regular Cisco cli’ • Configurations contain ‘hidden’ commands Hidden commands 2010-09-28 T28
  • 10. How could that happened?! 2010-09-28 T210
  • 11. Br0ken architecture 2010-07-06 Company presentation11 Everything is running as root Everyone can execute with SUDO Even binaries execute using SUDO..
  • 12. Cisco Discovery Protocol (CDP) • 2001, FX crafted the first CDP DoS attack • 2010, the CDP attack was rediscovered in NX-OS What about layer 2? 2010-09-28 T212 • CDP has become demonized and is now running under the ‘root’ user context
  • 14. So, where ‘ftpuser’ come from? Default user? Backdoor? Easter egg? Recovered password ‘nbv123’ Undocumented user account 2010-09-28 T214
  • 17. • CSCti03724 – CLI escape in NX-OS using GDB – Workaround: None – Fixed in NX-OS 4.1(4) • CSCti04026 – Undocumented user available with default password on NX-OS system – Workaround: None • CSCtf08873 – CDP with long hostname crashes CDPD on N7k – Workaround: Disable CDP • CSCti85295 – NX-OS: SUDO privilege escalation – Workaround: None Bug tracking 2010-09-28 T217
  • 18. Special thanks to Juan-Manuel Gonzales, PSIRT Incident Manager <juagonza@cisco.com> Thanks 2010-09-28 T218

Editor's Notes

  1. Each VDC runs as each own entity within the device