By Dawn Kawamoto
Published on ZDNet News
July 20, 2006
Networking giant Cisco Systems has fixed several flaws in a security
monitoring product meant to protect networks against attacks.
The company outlined the vulnerabilities in its Cisco Security Monitoring
Analysis and Response System in an advisory Wednesday. The three
vulnerabilities could allow intruders to gain remote access to systems and
to glean sensitive information, Cisco said. They relate to the CS-MARS
system itself and to the way it interacts with software from Oracle and
Cisco said it has patched CS-MARS version 4.2.1 and later, and urged
customers to apply all available updates. All previous CS-MARS versions,
however, are affected by the flaws.
CS-MARS, which monitors network devices and reports security problems,
uses Oracle databases to store sensitive network information, such as
authentication credentials for firewalls, routers and IPS devices. Cisco
noted that Oracle databases have several built-in default accounts that
use well-known passwords. As a result, a malicious attacker could
potentially gain access to the information stored in the database.
A malicious attacker could also execute remote code on a CS-MARS appliance
and gain administrator privileges via an optional JBoss JMX console. JBoss
Web application servers can be used with CS-MARS.
In CS-MARS itself, the problem lies in the command line interface, or CLI,
which is designed to allow authenticated administrators to conduct
maintenance on their systems. However, several flaws in the CLI could
allow an attacker to escalate their privileges to gain root access to a
machine, according to a a posting from the SANS Institute's Internet Storm
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.