Asking The Cisco Systems? IPICS Expert: Questions 6-10
Home

Asking The Cisco Systems? IPICS Expert: Questions 6-10

Posted July 23rd, 2008 by admin

57
vote

?Hello? Is there anybody out there??

So, it?s been a few business days since I posted ?Asking the Cisco Systems? IPICS Expert: Questions 1-5? and while I haven?t heard anything back from the IPICS Expert either via email or comment on the blog post, it is somewhat amusing, and perhaps a bit disturbing, that a Google search for ?IPICS Expert? leads back to VOIPSA?go figure.

Anyway, as with the previous post, this post continues focusing on Cisco Systems? IPICS (IP Interoperability and Collaboration System) Server, the ?heart? of the IPICS solution, with five more questions for the Cisco IPICS Expert:


Question 6: Early versions of the IPICS Server documentation refer to the operating system as Red Hat Linux, while a later version of documentation refer to the operating system as ?Cisco Linux? and the latest version of documentation states ?Linux? ? Is the IPICS Server still based on Red Hat? If so, what version of Red Hat (enterprise, etc.)?

Cisco Answer


Question 7: Does the IPICS Server have any kind of file-integrity assurance program like, for example, Open Source Tripwire?

Cisco Answer

Question 8: Is the ?Cisco Security Agent? provided at no cost for the IPICS Server, or is there an extra cost for this piece of software ?protection??

Cisco Answer

Question 9: The IPICS Server uses the IBM Informix database. According to documentation, IPICS Server 2.1(1) uses IBM Informix Dynamic Server Version 10.00.UC1. In 2008 several vulnerabilities were released concerning Informix, such as CVE-2008-0949, CVE-2008-0727, CVE-2008-0768 , CVE-2008-0369 , and CVE-2008-0368. If applicable to the IPICS Server 2.1(1) and earlier versions, have these vulnerabilities been addressed and patched in the IPICS Server? There seems to be nothing at the Cisco PSIRT site addressing these vulnerabilities. Am I missing something here?

Cisco Answer


Question 10: For IPICS Server 2.1(1), please provide a listing of all installed RPM packages, their version, and indication of known vulnerabilities in each RPM package.

Cisco Answer

As with my previous five (as yet unanswered) questions, I thank you and look forward to your answers.

Shawn Merdinger
Security Researcher

Bookmark/Search this post with:
  • Delicious
  • Digg
  • Reddit
  • Newsvine
  • Google
  • Yahoo
  • Technorati
Post new comment
The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Copy the characters (respecting upper/lower case) from the image.