Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2009-03-09 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Did your DST rollforward work?

Published: 2009-03-09
Last Updated: 2009-03-09 22:07:42 UTC
by Joel Esler (Version: 4)
0 comment(s)

If you have a Cisco IP phone, your DST rollfoward may not have worked, so you might want to rely on a different clock until the issues gets fixed.

Update:  This only affects the Linux version of the Cisco CallManager.

Reader Steven (Thanks Steven) to tell us about an issue with Cisco IP phones.  Specifically  Cisco IP Phone Models: 7905, 7910, 7912, 7920, 7921, 7935, 7936, 7937, 7940, 7960.

There are three work arounds if you are affected by this issue according to Cisco:

Workaround #1:
Do nothing and wait for time to automatically correct on March 15.
--------------------------

Workaround #2:
Apply a temporary configuration workaround. Note this workaround will have to be removed when system is patched or after March 15, whichever comes first.
a. Using CUCM Admin go to: System---Date / Time Group
b. Create new Date / Time group with one hour extra of local time.
c. Go to System --- Device pool
d. Create a New Device pool and assign the (one hour extra Date time
group) to this device pool.
e. Assign the new Device pool to and Cisco IP Phones that are displaying
the incorrect time.
f. use BAT or BPS to apply to specific groups based on (devicemodel,currentdevicepool).
Remember, this change will have to be backed out after patching the system or after March 15, whichever comes first.
--------------------------

Workaround #3:
Apply a patch to be released by Cisco. Updates coming soon.

I would publish a link to Cisco's bug database, but apparently it's offline right now.

Update 2:  Soon after I published this, Cisco published a patch to fix the issue.

Not necessarily security related, but it might affect when you go home today!

-- Joel Esler http://www.joelesler.net

Keywords:
0 comment(s)

Yes, the w00tw00t continues.

Published: 2009-03-09
Last Updated: 2009-03-09 20:57:37 UTC
by Joel Esler (Version: 1)
1 comment(s)

Every day we get at least one email asking about a string they find in their own weblogs.

It'll look something like this:

/w00tw00t.at.ISC.SANS.DFind

or

/w00tw00t.at.ISC.SANS.test0

As we detailed on the website, about 4 years ago.  This tool has nothing to do with the ISC:

http://isc.sans.org/diary.html?storyid=900

We disavow and disapprove of it's unauthorized use.

These are not the droids you are looking for.

-- Joel Esler http://www.joelesler.net

Keywords:
1 comment(s)

Foxit Reader update

Published: 2009-03-09
Last Updated: 2009-03-09 13:51:20 UTC
by Joel Esler (Version: 1)
0 comment(s)

With all the talk about Adobe Reader 0-days lately, many people have written into the ISC suggesting that we tell people about the other PDF viewers out there, such as Foxit.  Well, just to let you know, they have some patches out as well.

Detailed here, you can see some information about the patches. 

http://www.foxitsoftware.com/pdf/reader/security.htm

So, if you are a user of foxit, make sure you get out there and patch it as well!

 

-- Joel Esler http://www.joelesler.net

Keywords:
0 comment(s)
Diary Archives