Cisco Patches Security Software Glitch

By Matt Hines  |  Posted 2006-07-21 Print this article Print

The company has attempted to fix three individual vulnerabilities in its security monitoring software that could allow hackers to take control of computers running the package.

Cisco Systems released a security update meant to close three vulnerabilities in one of its network monitoring products.

The San Jose, Calif.-based company released an advisory to its customers warning of the flaws in its CS-MARS (Cisco Security Monitoring Analysis and Response System) and is offering clients a patch update that promises to close the loopholes.
The issues are related to the softwares interaction with third-party applications, and revolve around the programs CLI (command line interface), the company said.

The problems occur when the monitoring software is used in conjunction with several products from other vendors, specifically Oracles database applications and the open source JBoss Web application server, both of which are shipped bundled together with CS-MARS.

In the case of the Oracle issue, Cisco said that the database software contains several default accounts with well-known passwords that could allow outsiders to gain access to information in the system if they are aware of the log-in information, which was originally distributed by Oracle. The affected information contained in the database potentially includes authentication credentials for network devices such as firewalls, routers and IPS devices and the details of network security events, Cisco said.

Click here to read more about Ciscos efforts to patch vulnerabilities. The company said that its CS-MARS appliance offers additional hardening to prevent local and remote unauthorized access to the database but that as a precaution, the database accounts have now been disabled to prevent potential attacks. The CS-MARS application does not use the default Oracle database accounts, the firm reported.

With JBoss Web application server, the networking giant said that a component of the softwares installation may allow a remote, unauthenticated user to execute arbitrary shell commands with the privileges of a legitimate administrator.

The third security glitch directly involves the CLI, which Cisco said contains several vulnerabilities that could allow authenticated administrators to execute arbitrary shell commands with root privileges. The CLI is described by the company as a restricted shell environment meant to allow administrators to perform system maintenance tasks. If exploited, the privilege escalation vulnerabilities could allow shell commands to be executed on the underlying appliance operating system with root privileges, according to bulletin.

Cisco contends that all three of the vulnerabilities were corrected with the release of the newly patched version of the package, dubbed CS-MARS software version 4.2.1.

The networking market leader was forced to issue three other security patches earlier this year that addressed denial-of-service vulnerabilities in multiple products. Cisco issued two separate updates for its Cisco Call Manager, the software-based call-processing component of the Cisco IP telephony service, along with a patch for a Cisco IOS flaw.

Other security vendors have also been forced to update their products to close vulnerabilities in recent months. In early June anti-virus market leader Symantec released a fix for a high-risk worm hole in two enterprise-facing product lines. Symantec described the issue as a stack overflow affecting Symantec Client Security and Symantec AntiVirus Corporate Edition, two product suites targeted at business and government customers.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel