Monday, May 6, 2013

cisco ASA and software development

I ran into something interesting with my cisco & the  latest code set that running on my  ASA5505.  It started with a script that I have running via cron and with "expect".  The script issues a "show  inventory" command. My ASA started rebooting and I had problems figuring out what was the issues.

My  unit seems to crash upon execution of the script and took me a while to narrow down the culprit as being the  execution of a "show cmd".

Here's a "show version" of the victim ( bold the ASA code version at top )

 
asaken> show ver



Cisco Adaptive Security Appliance Software Version 9.1(1)4

Device Manager Version 7.1(2)



Compiled on Wed 13-Mar-13 07:45 by builders

System image file is "disk0:/asa911-4-k8.bin"

Config file at boot was "startup-config"



asaken up 2 mins 23 secs



Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz,

Internal ATA Compact Flash, 128MB

BIOS Flash M50FW080 @ 0xfff00000, 1024KB



Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)

                             Boot microcode        : CN1000-MC-BOOT-2.00

                             SSL/IKE microcode     : CNLite-MC-SSLm-PLUS-2.03

                             IPSec microcode       : CNlite-MC-IPSECm-MAIN-2.08

                             Number of accelerators: 1



 0: Int: Internal-Data0/0    : address is 001f.caf3.2111, irq 11

 1: Ext: Ethernet0/0         : address is 001f.caf3.2109, irq 255

 2: Ext: Ethernet0/1         : address is 001f.caf3.210a, irq 255

 3: Ext: Ethernet0/2         : address is 001f.caf3.210b, irq 255

 4: Ext: Ethernet0/3         : address is 001f.caf3.210c, irq 255

 5: Ext: Ethernet0/4         : address is 001f.caf3.210d, irq 255

 6: Ext: Ethernet0/5         : address is 001f.caf3.210e, irq 255

 7: Ext: Ethernet0/6         : address is 001f.caf3.210f, irq 255

 8: Ext: Ethernet0/7         : address is 001f.caf3.2110, irq 255

 9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255

10: Int: Not used            : irq 255

11: Int: Not used            : irq 255



Licensed features for this platform:

Maximum Physical Interfaces       : 8              perpetual

VLANs                             : 3              DMZ Restricted

Dual ISPs                         : Disabled       perpetual

VLAN Trunk Ports                  : 0              perpetual

Inside Hosts                      : 10             perpetual

Failover                          : Disabled       perpetual

Encryption-DES                    : Enabled        perpetual

Encryption-3DES-AES               : Enabled        perpetual

AnyConnect Premium Peers          : 2              perpetual

AnyConnect Essentials             : Disabled       perpetual

Other VPN Peers                   : 10             perpetual

Total VPN Peers                   : 12             perpetual

Shared License                    : Disabled       perpetual

AnyConnect for Mobile             : Disabled       perpetual

AnyConnect for Cisco VPN Phone    : Disabled       perpetual

Advanced Endpoint Assessment      : Disabled       perpetual

UC Phone Proxy Sessions           : 2              perpetual

Total UC Proxy Sessions           : 2              perpetual

Botnet Traffic Filter             : Disabled       perpetual

Intercompany Media Engine         : Disabled       perpetual

Cluster                           : Disabled       perpetual



This platform has a Base license.



Serial Number: JMX1215Z145

Running Permanent Activation Key: 0x65285667 0x9c212c13 0x7c505978 0xbaecc4d4 0xc231aa90

Configuration register is 0x1

Configuration has not been modified since last system restart.

asaken> en

Password: *************


And here's the  show inventory command options, if you specify a slot   it works but if you  don't , it crashes and burn. ( god you have to love software developers no adays )


 
I'm going to downgrade back one rev to see if the problem still exist. Nothing interesting flashed on  console or log, with the exception of  a ssh cpu task ran for xxxxx msec. 

The ASA just plain hangs, and then reboots. Nice!

Ken Felix
Freelance Security/Network Engineer
kfelix ---a-t--- hyperfeed ---d-o-t-com

1 comment:

  1. IT companies are gaining popularity with every passing day and tend to grow at a rapid speed. Software development company procedures are getting purifies and verified with a brilliant merge of existing and new technologies everyday. Due to the massive demand of automation and perfection, many organizations are now opting outsourcing software development in order to meet their business needs.

    ReplyDelete