Hello and welcome to the Friday, October 6, 2003 edition of the Sanford Storms on Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Recently, DDA published a brief diary showing how to decode some little Indian IP addresses that are stored in Windows

event logs.

Well, it turns out it's not just Windows doing it this way.

Also, good old Unix or Linux is doing it in the slash Brock file system.

Jim now wrote a quick Python script that will allow you to decode these entries,

both in IPV6 as well as IPV4. Of course, quite a bit simpler in IPV6 because IP address

are hex anyway, so the translation is really just sort of shoveling bytes around for IPV4. Of course, it will do not just

the flipping off the bytes, but will also decode from hexadecimal to the dotted decimal system.

And Cisco fixed a critical vulnerability in its emergency responder product. This is typically

used to run 911 call centers and alike. And yes, it suffers from what Cisco calls static

credentials used for development, but others may refer to this as a backdoor. If it hasn't happened

already, it's probably just a matter of time for the root credentials in this case to be posted

publicly somewhere. Haven't seen it myself yet, but haven't really been looking, so please patch.

And as expected, we do have proof-of-concert exploits now for CVEE 2023, 4911.

That's the Perlige Escalation War on abilities that was made public earlier this week,

or also referred to as loony tunables.

I'll link to one of the exploits that I think is legit.

Haven't really tested it myself yet.

But keep in mind that, yes, there are multiple valid exploits that have been released.

...