tag:blogger.com,1999:blog-47707747604951723812024-03-07T19:54:28.355+11:00Wad of StuffIT infrastructure automation, security research, tools, tips and tricks.Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.comBlogger57125tag:blogger.com,1999:blog-4770774760495172381.post-10136949731020850612015-11-16T21:20:00.000+11:002016-03-12T11:46:26.776+11:00CVE-2015-6357: FirePWNER Exploit for Cisco FireSIGHT Management Center SSL Validation VulnerabilityIntroduction
On its own the Cisco FireSIGHT Management Center Certificate Validation
Vulnerability is a medium severity vulnerability with a CVSS of 5.1.
However, this vulnerability is an example of why SSL certificate validation is so
important. In this exploit I will demonstrate how the vulnerability can be leveraged
to obtain privileged remote command execution on a Cisco FireSIGHT system. TheMatthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com0tag:blogger.com,1999:blog-4770774760495172381.post-84776386783278205762015-04-09T09:05:00.000+10:002015-04-09T09:05:08.832+10:00Project Repositories Have Moved to GitHubWith Google announcing last month that they are shutting down Google Code I have moved my old and unloved code repositories to GitHub. The main code base that seems to still be in use by others is the Django Full Serializer which I may split out into its own repository one day.Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.comtag:blogger.com,1999:blog-4770774760495172381.post-50097197276396549222012-03-09T10:16:00.002+11:002012-03-09T10:16:41.050+11:00Creating Stronger Self-Signed SSL Certificates For TestingI prefer to use Google Chrome (developer channel) as my web browser and recently it began complaining about the self-signed SSL certificates I was using on a number of internal web applications I have developed. The error Chrome displayed was:
The site's security certificate is signed using a weak signature algorithm!
[snip]
I originally created the certificates using the instructions in Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com4tag:blogger.com,1999:blog-4770774760495172381.post-41082442909989968322011-08-16T18:55:00.002+10:002011-08-16T19:55:04.751+10:00Security Advisory: Symlink Following and Second-Order Symlink Vulnerabilities in Multiple Check Point Security Management ProductsProduct: Check Point Security Management:
Multi-Domain Security Management / Provider-1
SmartCenter
Vulnerable version: multiple products, see sections below
Fixed version: multiple products, see sections below
CVE number: CVE-2011-2664
Impact: high
Homepage: http://www.checkpoint.com
Found: 2010-08-13
By: Matthew Flanagan http://wadofstuff.blogspot.com
Vendor Product Description
Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com2tag:blogger.com,1999:blog-4770774760495172381.post-21459732911530236182011-07-12T15:24:00.000+10:002011-07-12T15:24:46.713+10:00SST/JASS 4.2.2 is outJason Callaway has posted a new version of SST (aka JASS). The new release of version 4.2.2 addresses a change in passwd behaviour in relation to locking NP accounts.
Download the new version.Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com0tag:blogger.com,1999:blog-4770774760495172381.post-86912901444743632152011-06-14T16:26:00.000+10:002011-06-14T16:26:22.324+10:00Django gets support for IPv6 fieldsMy favorite web development framework recently committed some code to add support for IPv6 addresses in data models. The commit closes a ticket I opened 6 years ago. Congratulations to Erik Romijn for finally closing this off. Better late than never :)
The new code differs from my original code in a number of ways. First of all it has better testing and documentation. Second, it does IPv6 Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com2tag:blogger.com,1999:blog-4770774760495172381.post-67455495638366616412011-02-22T22:18:00.003+11:002011-02-22T22:31:01.751+11:00Service Tags Nmap Script AcceptedThe Nmap NSE script to probe for Sun Service Tags that I wrote last December has been committed to the Nmap trunk. Many thanks to David Fifield for his advice, testing and elegant refactoring of my newbie LUA code to make it more robust.I expect the code will live on in the Nmap subversion repository rather than my own from now on. If you'd like to use the script you can get it from here or wait Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com0tag:blogger.com,1999:blog-4770774760495172381.post-11639443203215522342010-12-14T15:41:00.007+11:002010-12-14T16:18:35.095+11:00Sun Service Tags Nmap Discovery ScriptOracle/Sun has had a software agent available for a few years now that runs on numerous operating systems (Solaris 8,9,10, RHEL, OEL, SuSE, and Windows) which enables automatic discovery of assets including software and hardware. The agent is called Sun Service Tags and it provides a way to query a system over a LAN and find out about the hardware, OS, and some of the software installed on it (I Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com0tag:blogger.com,1999:blog-4770774760495172381.post-74703527288739514822010-11-10T10:30:00.002+11:002010-11-10T10:42:38.585+11:00Oracle Solaris Summit - Solaris 11The live stream and slides for the Oracle Solaris Summit have been posted here.The slides cover a range of topics on Solaris 11. Of interest are the Image Packaging System and Deploying Oracle Solaris 11 in the Enterprise presentations.The lack of custom scripting hooks in both IPS and the new installer, AI, should be of a concern to anyone who has large customized Jumpstart environments. Don't Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com0tag:blogger.com,1999:blog-4770774760495172381.post-83424349475371225852010-09-09T10:47:00.002+10:002010-09-09T10:49:31.192+10:00Oracle Solaris 10 9/10 availableFurther to my last post Oracle Solaris 10 9/10 has been released and is available to download.Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com0tag:blogger.com,1999:blog-4770774760495172381.post-49252247489817775452010-09-01T13:35:00.002+10:002010-09-01T13:42:07.243+10:00Oracle Solaris 10 9/10Solaris 10 Update 9 appears to be almost out the door. The Release Notes and What's New are available but not directly linked from the front page of docs.sun.com yet.Highlights:Oracle Solaris Auto Registration is built in to the installer.Triple Parity RAID-Z (raidz3)zpool split for splitting mirrored pools.HP Smart Array HBA driver is bundled.BIND 9.6.1 DNS serverand more...Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com2tag:blogger.com,1999:blog-4770774760495172381.post-6453739483936157622009-11-25T09:53:00.003+11:002010-06-25T08:50:18.415+10:00Package Installation Do's and Don'tsAn important note from Gerry Haskins: Do not apply packages from one Update onto a system installed with a different Update.Cherry picking packages from a newer Solaris 10 update and installing them on a system running an older update will result in an unsupported configuration and likely lead to system corruption.Note also that adding a package from the same update means that you will have to Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com2tag:blogger.com,1999:blog-4770774760495172381.post-17236504968024153562009-11-17T16:50:00.001+11:002009-11-17T16:50:00.325+11:00Behaviour Driven InfrastructureI've been following the development of puppet for many years and this gem of a thread caught my attention recently. Martin Englund asks the Puppet Users mailing list:how do you validate that puppet has done what it is supposed to, and even troublesome, how you validate that it has done what you intended it to do?This is something I've struggled with over the years with my JASS/SST-based jumpstartMatthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com3tag:blogger.com,1999:blog-4770774760495172381.post-2852408937189463132009-10-08T10:26:00.004+11:002009-10-08T10:35:23.883+11:00Speaking of Solaris 10 Update 8...You can now read about What's New.Quite a few ZFS changes including Flash Archive support integrated into installer, cache devices, and a bunch of new properties that breakdown space usage by child dataset, snapshot, etc.Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com0tag:blogger.com,1999:blog-4770774760495172381.post-82130568239780865632009-10-08T10:21:00.001+11:002009-10-08T10:23:07.008+11:00Solaris 10 Kernel PatchID Sequence - Patch CornerWatch this page Solaris 10 Kernel PatchID Sequence - Patch Corner. It is regularly updated with the Solaris 10 kernel patch IDs as well as the sustaining patch IDs. Solaris 10 Updates 8 and 9 have just been added.Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com0tag:blogger.com,1999:blog-4770774760495172381.post-29853603276866448732009-08-16T12:02:00.002+10:002009-08-16T12:04:12.897+10:00Improvements to Solaris 10 Recommended and Sun Alert Patch Clusters releasedSun have made quite a significant revamp to the Solaris 10 Recommended and Sun Alert patch clusters. Filtering out "false negatives" from the patch utility return codes. The new 'installcluster' script will exit as soon as it encounters an unexpected failure. The new 'installcluster' script includes context intelligence for patching operations. The new 'installcluster' script Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com0tag:blogger.com,1999:blog-4770774760495172381.post-74724365110303160632009-08-12T18:29:00.002+10:002009-08-12T18:29:00.785+10:00Requiring at least one inline FormSetLast month I posted an article about my Improved Django FormWizard, well this month I've release a simple subclass of Django's BaseInlineFormSet that demonstrates how you can require a user to enter at least one entry in an inline formset.After updating to wadofstuff.django.forms 1.1.0 you can use the RequireOneFormSet class as the formset argument to inlineformset_factory().When the formset is Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com4tag:blogger.com,1999:blog-4770774760495172381.post-9609213827357980452009-07-25T14:47:00.006+10:002009-08-11T14:07:00.571+10:00Inlines support for Django generic viewsDjango's excellent Generic Views provide developers with most of what they need to get a site up and running (if they aren't using the Admin of course). The flexibility of these views is such that for most sites you don't need much else. Extending these views is also well documented and probably covers off 95% of the situations where the plain generic views fall short.In a recent project I found Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com3tag:blogger.com,1999:blog-4770774760495172381.post-55421238792510482622009-07-21T18:05:00.003+10:002009-08-11T11:50:19.780+10:00Atom Feed for SVN Commit LogRecently the developers of Extjs added a page that opened up their subversion commit log so users could see what was being added/fixed. Unfortunately they decided to only publish it using the output of svn log -v --xml rendered in an Ext.grid.GridPanel.It is a nice example of what you can do with their framework, but this format is not so friendly to use or keep tabs on so I've created a mashup Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com0tag:blogger.com,1999:blog-4770774760495172381.post-75557986177945206322009-07-21T17:45:00.001+10:002009-07-21T17:45:00.082+10:00Improved Django FormWizardA few months back I had a project that I thought needed a wizard-style interface for one of its forms. For a while now Django has included the FormWizard class in django.contrib.formtools.wizard so I decided to use that. However, I immediately hit a couple of issues with it.FormWizard requires you to output the previous_fields context variable in each of the form's step templates. Django's Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com8tag:blogger.com,1999:blog-4770774760495172381.post-31949742207518677232009-07-13T20:44:00.003+10:002009-08-20T15:52:38.065+10:00Flash BackLate last year Solaris 10 Update 6 was released and included the long waited for ZFS root capability. Unfortunately for many customers using Jumpstart to build their systems it also meant they had to stop using Flash Archives as Sun explicitly stated that they were incompatible. Solaris 10 Update 7 didn't fix this either and zfs-discuss forum discussions seemed to indicate it would not be Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com0tag:blogger.com,1999:blog-4770774760495172381.post-59261458960190022542009-05-30T11:27:00.004+10:002009-05-30T11:41:57.345+10:00New Solaris PatchFinder toolAnyone who has ever used the existing Solaris patch search tool will know how limited it is. Well Sun have released a much improved search page called Software Update Finder. Gerry Haskins has detailed blog about its new capabilities which include:Filtering results by OS release and architecture.Limiting search results to Security and/or Recommended patches.Searching for patches that fix a Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com0tag:blogger.com,1999:blog-4770774760495172381.post-35481136593348671782009-05-26T15:28:00.005+10:002009-05-26T16:38:02.882+10:00Python ipaddr performanceLast weekend while I was cleaning up my IP address summarization script (I added a setup.py, created a Cheese Shop entry and a downloadable archive) I had a look at the state of IP address manipulation in Python and found a new module called ipaddr. What sparked my interest in this module was that it had already been integrated into upcoming Python 2.7 and 3.1 as a standard library.It seemed to Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com1tag:blogger.com,1999:blog-4770774760495172381.post-49206595623871623372009-05-24T00:35:00.003+10:002009-05-24T01:06:34.406+10:00Django Serializer UpdatesI've had a couple of emails and forum posts where users were having difficulty with my serialization module. The problems mostly centered around installing it correctly.I did a little work tonight to clean up the installation side of things. As a result you can now find the module in the Cheese Shop.The latest stable release for the serialization module can also be obtained by:Running Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com2tag:blogger.com,1999:blog-4770774760495172381.post-47539434877795884372009-04-29T22:54:00.003+10:002009-04-29T23:08:06.066+10:00Solaris 10 5/09 (Update 7) is out......well almost. The DVD ISO isn't available yet for download but you can check out What's New and the Release Notes on docs.sun.com while you wait.From my reading so far there doesn't seem to be many exciting new features but the Solaris 10 5/09 Patch List at least lists some patches that I'll no longer have the pain of applying to the new miniroot boot archives.Matthew Flanaganhttp://www.blogger.com/profile/15093905875465763876noreply@blogger.com0