Holes Found in Cisco, Veritas, Samba Products

 
 
By Wayne Rash  |  Posted 2004-12-16
 
 
 
Thursday was a big day for vulnerability announcements, but not necessarily for big vulnerabilities. Cisco on Thursday announced two problems with its products, one of which had the potential to be serious. A potentially serious problem with Samba appeared on Bugtraq, and Veritas reported a problem with Backup Exec versions 8 and 9. None of the problems should cause trouble for companies with good security practices.

Perhaps the most serious vulnerability to be announced Thursday affects Cisco Unity versions 2, 3 and 4. Ciscos converged communications product reportedly creates several user accounts with default passwords. If your network manager doesnt change the default passwords after installing Unity, outside users could log in to your network with administrator-level functions.

The solution is to change the passwords on those accounts to something besides the default setting. According to Ciscos announcement, normal practice when software is installed is to ask the administrator for a password for each account rather than just creating a default. Details on this vulnerability can be found on Ciscos Web site.

Cisco announced that the same problem appears in Cisco Guard, the companys denial-of-service mitigation appliance, prior to version 3.1. As is the case with Unity, this product comes with a default password that needs to be changed. In this case, its the root password for the device itself.

As is the case with the Unity vulnerability, the immediate solution is to change the password. Details are available here.

The vulnerability in Backup Exec versions 8 and 9 reported by Veritas allows an intruder to gain access to domain administrative accounts by creating a stack-based buffer overflow. This in turn allows the intruder to execute arbitrary code under one of the service processes. Veritas already has a hot fix available for download here. The company says versions 8.5 and 9.1 are affected and can be updated.

Earlier versions also may share this vulnerability, but updates for those are not available because Veritas no longer supports them. The company also said the vulnerability can be worked around by simply installing a firewall to protect trusted workstations.

Samba, the Windows file-sharing utility for Linux, is reported to have an integer overflow problem that can allow an intruder to gain root access to the machine its installed on. However, for that to happen, the intruder would still have to have the proper credentials.

Click here to read about Samba 3.0.

This vulnerability affects versions of Samba through 3.0.9. Unsuccessful efforts to exploit this vulnerability will leave error messages in the system logs. A patch that will fix the affected code can be found here.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

Rocket Fuel