[NEWS] CiscoWorks Internetwork Performance Monitor Command Execution Vulnerability
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 16 Mar 2008 12:46:37 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
CiscoWorks Internetwork Performance Monitor Command Execution Vulnerability
------------------------------------------------------------------------
SUMMARY
CiscoWorks Internetwork Performance Monitor (IPM) version 2.6 for Sun
Solaris and Microsoft Windows operating systems contains a vulnerability
that allows remote, unauthenticated users to execute arbitrary commands.
There are no workarounds for this vulnerability. Cisco has made free
software available to address this issue for affected customers.
DETAILS
Vulnerable Systems:
* IPM version 2.6 for Solaris and Windows
Immune Systems:
* IPM versions 2.5 and earlier
* IPM version 4.0
CiscoWorks IPM is a troubleshooting application that gauges network
response time and availability. It is available as a component within the
CiscoWorks LAN Management Solution (LMS) bundle. IPM version 2.6 for
Solaris and Windows contains a process that causes a command shell to
automatically be bound to a randomly selected TCP port. Remote,
unauthenticated users are able to connect to the open port and execute
arbitrary commands with casuser privileges on Solaris systems and with
SYSTEM privileges on Windows systems. This vulnerability is documented in
CVE-2008-1157 and Cisco Bug ID CSCsj06260 (registered customers only).
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1157>
CVE-2008-1157
Impact:
Successful exploitation of the vulnerability may result in the ability to
execute arbitrary commands with the non-privileged casuser user account on
Solaris systems and with full administrative SYSTEM privileges on Windows
systems.
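Because the shell is bound to a randomly selected port, a host check has to key on the process that owns the listening socket rather than on a port number. The following is an added example, not part of the Cisco or SecuriTeam advisory: it joins Windows `netstat -ano` output with `tasklist /fo csv /nh` output and reports TCP listeners held by a command interpreter. Both samples are constructed, and the image names treated as shells are an assumption, not something the advisory states.

```python
import csv
import io

# Constructed sample of `netstat -ano` output from a Windows host (not real data).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:8443           0.0.0.0:0              LISTENING       2312
  TCP    0.0.0.0:49731          0.0.0.0:0              LISTENING       4120
  TCP    10.0.0.5:8443          10.0.0.9:50212         ESTABLISHED     2312
"""

# Constructed sample of `tasklist /fo csv /nh` output (not real data).
TASKLIST_SAMPLE = '''\
"svchost.exe","884","Services","0","5,120 K"
"httpd.exe","2312","Services","0","18,404 K"
"cmd.exe","4120","Services","0","2,316 K"
'''

# Assumption: a bound command shell runs under one of these image names.
SHELL_IMAGES = {"cmd.exe", "powershell.exe"}


def pid_to_image(tasklist_csv):
    """Map PID -> lower-cased image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2}


def shell_listeners(netstat_text, tasklist_csv):
    """Return (port, pid, image) for every TCP listener owned by a shell."""
    images = pid_to_image(tasklist_csv)
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        # Listening TCP rows have five fields: proto, local, foreign, state, pid.
        if len(f) != 5 or f[0] != "TCP" or f[3] != "LISTENING":
            continue
        port = int(f[1].rsplit(":", 1)[1])  # rsplit also copes with [::]:port
        pid = int(f[4])
        image = images.get(pid, "<unknown>")
        if image in SHELL_IMAGES:
            hits.append((port, pid, image))
    return hits


if __name__ == "__main__":
    for port, pid, image in shell_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"TCP/{port} is held by {image} (PID {pid})")
```

On a live host the two inputs would come from running the same commands; a Solaris host needs a different socket-to-process listing and is not covered here.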
ADDITIONAL INFORMATION
The information has been provided by <mailto:psirt@xxxxxxxxx> Cisco
Systems Product Security Incident Response Team.
The original article can be found at:
<http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml>