Cisco adds to its patch pile
Hours after it addressed a flaw in its Internetwork Operating System (IOS) HTTP Server Wednesday, Cisco Systems Inc. offered up fixes for another IOS problem and glitches in CallManager.
Two security holes affect versions of Cisco CallManager, the software-based call-processing component of the San Jose, Calif.-based networking giant's IP telephony products.
The first problem is that CallManager versions "with multilevel administration (MLA) enabled may be vulnerable to privilege escalations, which may result in read-only users gaining administrative access," Cisco said. Multilevel administration provides multiple security levels to CallManager. "An administrative user with read-only permission can use a crafted URL on the CallManager Admin Web page to escalate privileges to a full administrative level. Successful exploitation of the vulnerability may result in privilege escalation where read-only administrative users can gain full administrative privileges and create, delete, or reset devices."
The second problem is that CallManager doesn't manage TCP connections and Windows messages aggressively, leaving some well-known, published ports vulnerable to denial-of-service attacks, Cisco said.
Both flaws affect:
- Cisco CallManager 3.3 versions earlier than 3.3(5)SR1a
- Cisco CallManager 4.0 versions earlier than 4.0(2a)SR2c
- Cisco CallManager 4.1 versions earlier than 4.1(3)SR2
The third problem is that the Stack Group Bidding Protocol (SGBP) feature in certain versions of IOS is vulnerable to a remotely exploitable denial-of-service condition.
The advisories include a patch matrix to help organizations determine how to patch various products.
These fixes come on the heels of another IOS flaw addressed this week. Cisco said there's no fix yet for a security hole in its Internetwork Operating System (IOS) HTTP Server, but it is developing one. For now, there are workarounds.
The vendor said its advisory "applies to all Cisco products that run Cisco IOS software versions 11.0 through 12.4 with the HTTP server enabled." The problem was described as an input validation flaw attackers could exploit to run malicious scripting code.
Exploit code targets Veritas NetBackup
Cupertino, Calif.-based Symantec Corp. has updated an advisory it first released in November for a high-risk flaw in Veritas NetBackup 5.x servers and clients, warning that exploit code is now targeting the security hole.
"Exploit code for this issue is publicly available," Symantec said. However, the company added, its signatures have been tested with the latest exploit code "and the signatures do detect it." Symantec also has a fix for the vulnerability, a buffer overflow condition in a shared library used by the Veritas NetBackup volume manager daemon (vmd) running on Veritas NetBackup 5.x servers and clients.
"Successful exploitation of this overflow condition could possibly allow a malicious attacker to create a denial of service disrupting backup systems or potentially allow execution of arbitrary code with elevated privileges on a targeted system," Symantec said.