A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections.
The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
Security Impact Rating: Medium
When Unitrends creates snapshots, it copies the snap shots to the Unitrends storage and then deletes the snapshot. If the delete operation fails, then every time Unitrends creates a snapshot the snapshot chain will grow in size. The snapshot chain has a maximum size of 30 snapshots. After the 30th snapshot no more can be created. The error, “Snapshot chain is too long” will appear in the Unitrends logs. You will also not be able to create a snapshot in XenCenter or from an xe command
This article describes how to recreate a Physical Volume (PV) and restore Logical Volume Manager (LVM) structure in a situation where Shared or Local storage metadata has been damaged or overwritten.
Warning! Perform the instructions at your own risk. It is recommended to raise a case with Citrix Technical Support to confirm the cause of the issue and then perform necessary steps. Do not attempt commands in this article unless you are confident in understanding of the issue and suggested steps.
If a PV information has been accidentally deleted or tempered with, LVM commands such as “lvscan”, “vgscan”, and “pvscan” return incorrect or empty output.
Note: The commands lvscan, vgscan, and pvscan also return empty output if storage is disconnected or XenServer has problems with communicating to the storage device. Ensure that storage is attached and can be accessed from XenServer, by testing reading with hdparm –t /dev/sd<x> or hdparm –t /dev/mapper/<scsi id> for multipathed SRs, before proceeding with the following instructions. Correct output returns the PV associated with block device and corresponding Volume Groups.
For instance, correct output of pvscan command for shared SR (iSCSI or HBA) with multipath enabled would be in the following format.
PV /dev/mapper/<scsi id> VG VG_XenStorage-<SR uuid> lvm2 [<size total/size free>]
Note how the block device appears under /dev/mapper. If multipath is not enabled, PV value would point to a single block device /dev/sd<x>, like in case of the local storage. For example:
PV /dev/sda3 VG XSLocalEXT-fdf91589-39f4-4104-9856-3cb6c606255 lvm2 [457.75 GB / 0 free]
If only /dev/sd<x> device is displayed, you can confirm scsi id of that device by inspecting output of command.
ls –alh /dev/disk/by-id/
For example, if there is an iSCSI device with scsi id of “23237636464633731” and uuid “e79f14b6-055e-a166-42ce-bf535db5f285”, as seen in general tab of the SR in XenCenter, then the pvscan output for this SR is as follows.
PV /dev/mapper/23237636464633731 VG VG_XenStorage-e79f14b6-055e-a166-42ce-bf535db5f285 lvm2 [1.22 TB / 116.00 GB free]
- Storage has been accidentally mapped to another XenServer pool and/or PV and VG metadata has been removed or overwritten with new PV and VG information.
LVM metadata has been removed with incorrect pv/vg commands executed on the host.
- Storage failure that caused corruption on the LUN affecting LVM metadata.
there is a NetApp NFS file share that needs to be scanned and all the files classified (add meta data, visual tags, etc.) based on content. Can ICT connect to and scan NFS shares hosted on NetApp? would it need DLP Network Discover to perform the scanning? I know Network Discover is supposed to be abel to connect to and scan NFS shared, but I have never done it.
Hello, I have a Windows Server 2012 R2 server with GSS 3.3 installed. Client computer OS is Windows 10, Disk Management looks like attached image “disk_management.png”. In diskpart concole the disk and partition information looks like attached image “diskpart.png”
In GSS console:
Create image job command: -CLONE,MODE=CREATE,SRC=2,DST=%IMAGE_FILENAME% -SURE -SPLIT=0 -Z3
Image location: 1:2ImagesImage.gho
Restore image command: -CLONE,MODE=RESTORE,SRC=%IMAGE_FILENAME%,DST=2 -sure
Image location: 1:2ImagesImage.gho
1. To create image, if image location set to D:Imagesimage.gho, the job seems never complete, status is keeping “Uploading disk image…” unless I delete the job manually. If image location set to 1:2xxxx.gho, the job completed successfully. Why this happens?
2. Restore image not work with above ghost command, the warning message is “The Drive number selected for deploying an image connot be same as the Drive number on which the image is stored.” Anything wrong in the restore command? Please advise.
Hello, I’ve been using Ghost to image my personal machines for about 20 years. I simply boot off the CD and create backups to another drive, and restore in the same fashion. Now I just bought a new laptop, that doesn’t have a CD drive. So I created a bootable USB, which works on my older machines, but not the new laptop. The laptop bios settings include: storage controller RST mode (not entirely sure why this laptop requires this), boot mode UEFI (can’t go to Legacy boot mode in RST), and USB boot enabled. I’ve tried multiple different settings and the laptop just will not bring up the USB in the boot menu. I tried taking the SSD out to put it in my old machine, but then realized it’s not SATA (it’s NVMe PCIe).
So can someone please enlighten me on how best create a Ghost image of this hard drive? Many thanks in advance!
What a month this has been for Dell EMC Isilon! Not only are we announcing some pretty powerful innovations, we also won a Technology & Engineering Emmy® Award this month. Isilon and OneFS have made a powerful impact on the media and entertainment industry and we have been able to empower organizations to take control of their unstructured data and drive change. According to Gartner, “By 2024 enterprises will triple their unstructured data stored as file or object storage from what they have in 2019.”* As data continues to grow at this unrelenting pace, it is … READ MORE
Not sure exactly where to look for help on this so that is why I am posting here. I am using ghostcast server version 220.127.116.1118 and am having difficulties imaging a new windows 10 laptop. Before we had laptops that allowed Legacy boot options and we were able to create an image no problem for those. However we now have a few new ones that only allow UEFI boot which may possibly be the issue I am having. So I syspreped my machine and that went fine but when I boot to a usb disk with UEFI on the client and get to the point of selecting a my disk, the size of the drive is only 150MB. The drive is an SSD that is 256GB. For some reason it is not seeing the full disk only a small parition of it. Does anyone know if this is due to using UEFI or some other reason? ANy help on this would be appreciated. Thanks.