
Security Bytes: Cisco patches CS-MARS flaws

By SearchSecurity.com Staff
20 Jul 2006 | SearchSecurity.com

Security Wire Daily News

Cisco patches CS-MARS flaws
Attackers could exploit several security holes in Cisco's Security Monitoring, Analysis and Response System (CS-MARS) to take complete control of an affected system or gain knowledge of sensitive information. A fixed version of the program is now available.

The San Jose, Calif.-based networking giant said in an advisory that version 4.2.1 of CS-MARS -- a security system that receives and analyzes event logs from various network devices and reports any security issues -- fixes the following problems:

  • CS-MARS uses an Oracle database to store sensitive network event and configuration data. The information contained in the database potentially includes authentication credentials for network devices, such as firewalls, routers and IPS devices, and the details of network security events, Cisco said. By default, Oracle databases contain several built-in accounts with well-known passwords and, if access can be gained to the database, the accounts could potentially be used to compromise the information stored in the database.

  • CS-MARS contains an installation of the JBoss Web application server. It may be possible for a remote, unauthenticated user to create a specially crafted HTTP request that executes arbitrary shell commands on the CS-MARS appliance with the privileges of the CS-MARS administrator via the optional JBoss JMX console, Cisco said.

  • The CS-MARS CLI -- a restricted shell environment that allows authenticated administrators to perform system maintenance tasks -- contains several privilege escalation vulnerabilities that may allow shell commands to be executed on the underlying appliance operating system with root privileges, Cisco said.

Metasploit creator warns of serious IE flaw
Metasploit Framework creator H.D. Moore has outlined a serious vulnerability in Microsoft Internet Explorer (IE) as part of his Month of Browser Bugs campaign.

Moore has been posting at least one new browser flaw a day in his Browser Fun blog as part of the effort, which he has said will continue through the month of July. One of the latest postings for IE caught the attention of the French Security Incident Response Team (FrSIRT), which labeled the flaw critical in an advisory.

Remote attackers could exploit the flaw to crash a vulnerable browser or potentially take complete control of an affected system, FrSIRT warned. "This flaw is due to an integer overflow error in the Common Controls library 'comctl32.dll' when processing a 'WebViewFolderIcon' object with a specially crafted 'setSlice()' method, which could be exploited by attackers to cause a denial of service or execute arbitrary commands by convincing a user to visit a specially crafted Web page," FrSIRT said.

Cisco may get more unwanted attention at Black Hat
Last year's Black Hat Briefings conference in Las Vegas was dominated by the controversy caused by researcher Michael Lynn's demonstration of a Cisco router exploit. Lynn isn't scheduled as a presenter at this year's Black Hat proceedings, which take place Aug. 2 and 3, but Cisco's products may be under the microscope again.

Fifteen new exploits will be detailed at this year's conference and two of them target NAC (Network Admission Control) and VoIP vulnerabilities in products from Cisco and other vendors. Black Hat Director Jeff Moss told the IDG News Service that vulnerability researchers are shifting focus from Windows flaws to other areas like NAC and VoIP.

Black Hat and Cisco settled a lawsuit over the Lynn affair after conference organizers promised not to proliferate Lynn's findings. The IDG News Service noted that a Cisco lawsuit regarding any potential disclosures at the upcoming conference is unlikely because the exploits are related to underlying technologies used in many products, not just those produced by Cisco.
