July 20, 2006 11:09 AM PDT

Cisco patches security-monitoring system

Networking giant Cisco Systems has fixed several flaws in a security monitoring product meant to protect networks against attacks.

The company outlined the vulnerabilities in its Cisco Security Monitoring Analysis and Response System in an advisory Wednesday. The three vulnerabilities could allow intruders to gain remote access to systems and to glean sensitive information, Cisco said. They relate to the CS-MARS system itself and to the way it interacts with software from Oracle and JBoss.

Cisco said it has patched CS-MARS version 4.2.1 and later, and urged customers to apply all available updates. All previous CS-MARS versions, however, are affected by the flaws.

CS-MARS, which monitors network devices and reports security problems, uses Oracle databases to store sensitive network information, such as authentication credentials for firewalls, routers and IPS devices. Cisco noted that Oracle databases have several built-in default accounts that use well-known passwords. As a result, a malicious attacker could potentially gain access to the information stored in the database.

A malicious attacker could also execute remote code on a CS-MARS appliance and gain administrator privileges via an optional JBoss JMX console. JBoss Web application servers can be used with CS-MARS.

In CS-MARS itself, the problem lies in the command line interface, or CLI, which is designed to allow authenticated administrators to conduct maintenance on their systems. However, several flaws in the CLI could allow an attacker to escalate their privileges to gain root access to a machine, according to a a posting from the SANS Institute's Internet Storm Center.

See more CNET content tagged:
Cisco Systems Inc., JBoss, security monitoring, Oracle Database, Oracle Corp.

2 comments

Join the conversation!
Add your comment
Securing monitoring systems needs security software!
This could almost be a comical anecdote... if it didn't have such serious repercussions With all that we know about fraudsters, worms, malware, spyware, spam, laptop thefts, security breaches and the like, why arent these security companies more serious about their security products?
<a class="jive-link-external" href="http://www.techknowbizzle.com/2006/06/data-security-gets-worse-as-hackers-go.html" target="_newWindow">http://www.techknowbizzle.com/2006/06/data-security-gets-worse-as-hackers-go.html</a>
According to this article, "three vulnerabilities could allow intruders to gain remote access to systems and to glean sensitive information"  meaning your vital data such as financial documents, personal information, etc. is at risk.
Perhaps when our security software& NEEDS security software, it is time to invest the time and finances into researching and implementing better measures of protection.
Posted by ml_ess (71 comments )
Reply Link Flag
it is time to invest the time
<a class="jive-link-external" href="http://www.analogstereo.com/lexus_gs_owners_manual.htm" target="_newWindow">http://www.analogstereo.com/lexus_gs_owners_manual.htm</a>
Posted by Ipod Apple (152 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.