Successful Control of Vulnerability Detected in CSAMC
Local users with bad intentions could acquire increased privileges by exploiting a security vulnerability in Cisco Systems Inc.'s Security Agent Management Center (CSAMC). However, in an advisory, the firm said that updates have been developed to resolve the problem. On November 1, 2006, Cisco fixed a critical flaw in its CSAMC software that would have allowed remote malicious users to bypass authentication and gain unlimited access to the software. The flaw stems from a failure in the verification process when the device is configured to use an external Lightweight Directory Access Protocol (LDAP) server for authentication.
CSAMC is used to compose security policies for desktop PCs and networked servers. The vulnerability affects CSAMC version 5.1 with hotfix before 18.104.22.168.9, which is the first version of the software that can authenticate users through LDAP. If the LDAP option is turned on in CSAMC, a remote attacker could break into the Web-based interface of the software by supplying a valid administrative user name and a blank password. The problem arises from the failure of CSAMC to handle error responses.
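The failure mode described above (a valid administrator name, a blank password, and an LDAP error response that goes unhandled) comes down to a login check that fails open instead of failing closed. The following is an added illustration, not Cisco's code; the directory stub, the account name and the error code returned for a blank password are assumptions made for the example.

```python
# Added illustration; not Cisco code. Result codes are the LDAP values from RFC 4511.
SUCCESS, INVALID_CREDENTIALS, UNWILLING_TO_PERFORM = 0, 49, 53

# Constructed directory holding one administrator account (hypothetical names).
ADMIN_DN = "cn=admin,dc=example,dc=com"
DIRECTORY = {ADMIN_DN: "S3cure-passphrase"}


def fake_simple_bind(dn, password):
    """Stand-in for an LDAP server's answer to a simple bind (constructed)."""
    if dn not in DIRECTORY:
        return INVALID_CREDENTIALS
    if password == "":
        # Assumption: this server answers a blank-password bind with an
        # error response other than invalidCredentials.
        return UNWILLING_TO_PERFORM
    return SUCCESS if password == DIRECTORY[dn] else INVALID_CREDENTIALS


def weak_login(dn, password, bind=fake_simple_bind):
    """Fails open: only one failure code is recognised, other errors pass."""
    return bind(dn, password) != INVALID_CREDENTIALS


def hardened_login(dn, password, bind=fake_simple_bind):
    """Fails closed: blank input is refused, only explicit success is accepted."""
    if not dn or not password:
        return False
    try:
        return bind(dn, password) == SUCCESS
    except Exception:
        # Timeouts and protocol errors are never treated as authenticated.
        return False


def compare(dn, password):
    """Return (weak_result, hardened_result) for one login attempt."""
    return weak_login(dn, password), hardened_login(dn, password)
```

The hardened check rejects the blank password before any bind is sent and treats every response other than an explicit success as a failed login.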
A hacker with a legitimate administrator username can access the CSAMC application after successfully exploiting this security lapse. The hacker would gain all the privileges of the exploited administrator account. If the administrator's role is to configure or deploy, policy changes may be made for managed CSA clients. This can then be exploited to weaken the security posture of managed systems and permit potential incursions into them.
The company has released free software to affected customers to patch this weakness. The advisory gives the details for installation of the updates.
Furthermore, earlier this year Cisco addressed a denial-of-service flaw in Security Agent that malicious agents could abuse by sending a crafted IP packet to a Windows workstation or server running Security Agent 4.5.
Users have been advised to update as soon as possible. This may be a difficult undertaking, specifically for ISPs and organizations that operate customized configurations. Bad patches and routers unable to reboot properly have often affected network operators in the past. It will take some time to settle these problems.
» SPAMfighter News - 07-11-2006