Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Cisco warns of sensor flaw

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Cisco warns of sensor flaw
Date: Thu, 25 Aug 2005 05:41:42 -0500 (CDT) 
http://www.techworld.com/security/news/index.cfm?NewsID=4274

By Matthew Broersma
Techworld
24 August 2005

Networking giant Cisco Systems has warned of a security flaw affecting
two of its widely used security systems.

The flaw, involving SSL (Secure Sockets Layer), affects CiscoWorks
Management Center for IDS Sensors, known as IDSMC, and a related
product, Monitoring Center for Security, also called Security Monitor
or Secmon.

In an advisory, Cisco said an attacker could use the bug to pretend to
be a legitimate Cisco Intrusion Detection Sensor (IDS) or Intrusion
Prevention System (IPS).

That could allow the attacker to collect login credentials, submit
false data to IDSMC and Secmon or filter what data the two products
see. Filtering could be used, for instance, to keep the security
products from detecting an attack.

"If exploited, the attacker may be able to gather login credentials,
submit false data to IDSMC and Secmon or filter legitimate data from
IDSMC and Secmon, thus impacting the integrity of the device and the
reporting capabilities of it," Cisco stated.

IDSMC provides configuration and signature management for IDS and IPS
systems. Secmon provides event collection, viewing and reporting
functions for Cisco network devices. The affected versions include
IDSMC versions 2.0 and 2.1 and Secmon versions 1.1 to 2.0 and version
2.1, Cisco said.

Not affected are IDSMC versions 1.0 to 1.2 and Secmon version 1.0.

Cisco said it isn't aware of any exploit code currently circulating
for the vulnerability. The bug is only exploitable locally, limiting
their impact, according to security researchers.

Separately, Cisco warned of a bug in its Intrusion Prevention System
(IPS) that could allow a local user to gain full administrator
privileges.

Although the flaws aren't highly serious, the fact that Cisco's
products are so widely used gives them more potential impact. Cisco
offered patching instructions for the flaws in its advisories.

Most major security vendors have been hit with significant security
glitches this year, including Symantec, McAfee and Computer
Associates.



_________________________________________
Attend ToorCon 
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Cisco warns of sensor flaw, InfoSec News <=
Previous by Date:  [ISN] Zotob worm hole also affects Windows XP, InfoSec News
Next by Date:  [ISN] Security UPDATE -- Proactive Honeypots, Part 2 -- August 24, 2005, InfoSec News
Previous by Thread:  [ISN] Zotob worm hole also affects Windows XP, InfoSec News
Next by Thread:  [ISN] Security UPDATE -- Proactive Honeypots, Part 2 -- August 24, 2005, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]