Secunia Advisory: | SA29376 | |
Release Date: | 2008-03-14 | |
Critical: | Moderately critical | |
Impact: | System access | |
Where: | From local network | |
Solution Status: | Vendor Patch | |
Software: | CiscoWorks Internetwork Performance Monitor (IPM) 2.x | |
CVE reference: | CVE-2008-1157 (Secunia mirror) |
A vulnerability has been reported in CiscoWorks Internetwork Performance Monitor, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to the application binding a command shell to a random port on the affected system. This can be exploited to execute arbitrary commands with "casuser" privileges on Solaris, and with SYSTEM privileges on Windows.
The vulnerability affects version 2.6 on Windows and Solaris.
Solution:
Apply vendor patch.
IPM version 2.6 CSCsj06260:
http://www.cisco.com/pcgi-bin/tablebuild.pl/ipm-sol?psrtdcat20e2
Provided and/or discovered by:
The vendor credits a Cisco customer.
Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml
資料來源 secunia.com/advisories/29376/
全站熱搜
留言列表