Government
GestioIP Authenticated Remote Command Execution module
GestioIP is an open-source IPAM (IP Address Management) solution available on
SourceForge, written in Perl.
There is a vulnerability in the way ip_checkhost.cgi handles pinging IPv6
hosts passed to it. If you pass an IPv4 address, the CGI uses a Perl library to
perform the ping and return the results to the user.
However, this library doesn't seem to support IPv6 hosts, so the developer uses
the ping6 utility to perform the ping of an IPv6 machine. The developer did
perform some validat
Government
Federal Friday – 9.20.13 – The Air Gapped-Off line Edition
September 20th. Yup, I said it. We are two days away from the Autumnal Equinox,
and I find myself asking: where have the spring and summer gone? With about 6
working days left in the federal FY13, most of us are knee-deep in year-end wrap
and FY14 prep (even though that might be delayed a little while).
I read a nice article in the New York Times last weekend by Matthew L. Wald
called “Imagining a Cyberattack on the Power Grid
[http://www.nytimes.com/2013/09/11/us/imagining-a-cyberattack-on-th