May 2010 Archives
Thu May 27 14:43:26 CEST 2010
Jail-breaking the Cisco Unified Communication Manager (CUCM)
We have a long and very good relationship with the Cisco PSIRT team, reporting vulnerabilities to them and patiently waiting until fixes are provided. But some things we simply don't consider to be vulnerabilities in the typical sense of the word. This includes artifacts of product behavior that allow you to get the type of access to the product that you would expect.
The reasoning is that you already have to have a legitimate operating system administrator account on the CUCM in order to "escalate" your privileges to a remote root shell. That the legitimate operating system administrator account, as provided by the product, isn't actually root doesn't change the privilege situation one bit. Also, other people have published other guides (e.g. this one) before.
Therefore, we have decided to publish an article on how to gain the access you may want.
Please use this information only on lab systems or virtual installations. It is not recommended to root any actual Cisco appliance and will most likely void your warranty.
Posted by FX | Permanent link
Wed May 26 17:53:44 CEST 2010
Carnival of the Cultures 2010
A great team needs a good environment to work in, and the environment doesn't stop at the office door. The cultural space in which you live also plays an important role and influences how people think and work. Berlin, home to Recurity Labs, luckily provides a rich and multifarious culture, which all of us enjoy a lot. Therefore, we occasionally want to give back to that environment, doing our little part to make it blossom some more.
For this year's Carnival of the Cultures, a multicultural street parade, we had the opportunity to support [multi:mat] and our long-time DJ friends from Dangerous Drums with getting their float onto the parade.
We would like to thank [multi:mat] and Dangerous Drums for making this all possible and, of course, the hundreds of thousands of people that participated in the parade.