Holes Found in Cisco, Veritas, Samba Products

 
 
By Wayne Rash  |  Posted 2004-12-16 Email Print this article Print
 
 
 
 
 
 
 

Security sources announce four mostly unrelated enterprise vulnerabilities in Cisco Unity, Cisco Guard, Veritas' Backup Exec, and Samba, the Windows file-sharing utility for Linux.

Thursday was a big day for vulnerability announcements, but not necessarily for big vulnerabilities. Cisco on Thursday announced two problems with its products, one of which had the potential to be serious. A potentially serious problem with Samba appeared on Bugtraq, and Veritas reported a problem with Backup Exec versions 8 and 9. None of the problems should cause trouble for companies with good security practices. Perhaps the most serious vulnerability to be announced Thursday affects Cisco Unity versions 2, 3 and 4. Ciscos converged communications product reportedly creates several user accounts with default passwords. If your network manager doesnt change the default passwords after installing Unity, outside users could log in to your network with administrator-level functions. The solution is to change the passwords on those accounts to something besides the default setting. According to Ciscos announcement, normal practice when software is installed is to ask the administrator for a password for each account rather than just creating a default. Details on this vulnerability can be found on Ciscos Web site.
Cisco announced that the same problem appears in Cisco Guard, the companys denial-of-service mitigation appliance, prior to version 3.1. As is the case with Unity, this product comes with a default password that needs to be changed. In this case, its the root password for the device itself.
As is the case with the Unity vulnerability, the immediate solution is to change the password. Details are available here. The vulnerability in Backup Exec versions 8 and 9 reported by Veritas allows an intruder to gain access to domain administrative accounts by creating a stack-based buffer overflow. This in turn allows the intruder to execute arbitrary code under one of the service processes. Veritas already has a hot fix available for download here. The company says versions 8.5 and 9.1 are affected and can be updated.
Earlier versions also may share this vulnerability, but updates for those are not available because Veritas no longer supports them. The company also said the vulnerability can be worked around by simply installing a firewall to protect trusted workstations. Samba, the Windows file-sharing utility for Linux, is reported to have an integer overflow problem that can allow an intruder to gain root access to the machine its installed on. However, for that to happen, the intruder would still have to have the proper credentials. Click here to read about Samba 3.0. This vulnerability affects versions of Samba through 3.0.9. Unsuccessful efforts to exploit this vulnerability will leave error messages in the system logs. A patch that will fix the affected code can be found here. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
 
 
 
 
Wayne Rash Wayne Rash is a Senior Analyst for eWEEK Labs and runs the magazine's Washington Bureau. Prior to joining eWEEK as a Senior Writer on wireless technology, he was a Senior Contributing Editor and previously a Senior Analyst in the InfoWorld Test Center. He was also a reviewer for Federal Computer Week and Information Security Magazine. Previously, he ran the reviews and events departments at CMP's InternetWeek.

He is a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine. He is a regular contributor to Plane & Pilot Magazine and The Washington Post.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel