[c-nsp] Vulnerabilities in HTTP server on Catalyst Switches
joshua sahala
jejs+lists at sahala.org
Thu Jun 9 15:34:52 EDT 2005
On (09/06/05 13:19), John Neiberger wrote:
>
> I'm only interested in the security aspects of the http server on the
> switches, not the usability of the GUI. I also prefer the CLI but I'm
> considering offering CNA to some of the other people in our department
> so they can do some basic troubleshooting on their own without
> involving me.
John,
You might consider a looking glass-type application for that. It wouldn't
require the old java or the new ie, and would be a lot faster than CNA,
but it would probably be able to give the same info :) There is some
looking glass code included with rancid, or there are a plethora of others
(version6.net's version is pretty cool)
http://www.traceroute.org/#source%20code
With just a bit of modification, you could specify the commands you want
them to be able to use, and you don't have to worry about Cisco's
historically insecure webui
/joshua
--
A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
fools.
- Douglas Adams -
More information about the cisco-nsp
mailing list