[ISN] Cisco patches security-monitoring system

From: InfoSec News (alerts@private)
Date: Fri Jul 21 2006 - 02:42:47 PDT


By Dawn Kawamoto
CNET News.com
Published on ZDNet News
July 20, 2006

Networking giant Cisco Systems has fixed several flaws in a security 
monitoring product meant to protect networks against attacks.

The company outlined the vulnerabilities in its Cisco Security Monitoring 
Analysis and Response System in an advisory Wednesday. The three 
vulnerabilities could allow intruders to gain remote access to systems and 
to glean sensitive information, Cisco said. They relate to the CS-MARS 
system itself and to the way it interacts with software from Oracle and 

Cisco said it has patched CS-MARS version 4.2.1 and later, and urged 
customers to apply all available updates. All previous CS-MARS versions, 
however, are affected by the flaws.

CS-MARS, which monitors network devices and reports security problems, 
uses Oracle databases to store sensitive network information, such as 
authentication credentials for firewalls, routers and IPS devices. Cisco 
noted that Oracle databases have several built-in default accounts that 
use well-known passwords. As a result, a malicious attacker could 
potentially gain access to the information stored in the database.

A malicious attacker could also execute remote code on a CS-MARS appliance 
and gain administrator privileges via an optional JBoss JMX console. JBoss 
Web application servers can be used with CS-MARS.

In CS-MARS itself, the problem lies in the command line interface, or CLI, 
which is designed to allow authenticated administrators to conduct 
maintenance on their systems. However, several flaws in the CLI could 
allow an attacker to escalate their privileges to gain root access to a 
machine, according to a a posting from the SANS Institute's Internet Storm 

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Fri Jul 21 2006 - 03:00:46 PDT