Alerts: CiscoWorks, P2P Software Vulnerable

Cisco details vulnerabilities in CiscoWorks; eMule code hiding in P2P software

Cisco Details CiscoWorks Application Vulnerabilities

Cisco warns of two vulnerabilities in the CiscoWorks Common Management Foundation (CMF). CMF provides an application infrastructure foundation, allowing all CiscoWorks applications to share a common model for data storage, login, user role definitions, access privileges, and security protocols, as well as for navigation and launch management.

The two vulnerabilities exist in CMF version 2.1 and all previous versions. One vulnerability would allow a guest user to craft a special URL and gain administrative privileges. The other vulnerability would allow an attacker to run arbitrary commands on a CiscoWorks server, due to what Cisco describes as “an error in processing user input.” Cisco released patches for CMF versions 2.0 and 2.1.

For more information: http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml

Vulnerability in widely used P2P software

Code known as eMule, which underlies some popular peer-to-peer (P2P) file sharing programs, is vulnerable to attack, warns Stefan Esser of e-matters, a German company. In an online advisory, Esser notes that “eMule is not only a thorn in the side of the music and movie industry but also an attractive target for script kids or worm writers.”

Users inside corporate perimeters could put their companies at risk by using vulnerable P2P software. After auditing the eMule source code, Esser notes that he found multiple ways in which vulnerabilities “can be abused to disturb the eMule network or to take over other client machines.”

Estimates of the number of eMule users (including users of eMule Unix ports) vary between 1 million and 10 million.

In particular, Esser detailed four vulnerabilities. Three are methods for crashing client computers (i.e., those connected to the P2P network), such as by using a specially worded server name, which then causes a crash.

The other vulnerability allows for remote code execution. When the client receives specially formed packets, they can trigger an error. Unfortunately, intrusion detection systems would not recognize the packets; they look acceptable otherwise. Esser declined to detail how exactly to trigger this attack, given its potential severity. “There are just too many vulnerable systems out there.”

For more information: http://security.e-matters.de/advisories/022003.html

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies columnist, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.