Applied Watch Command Center Authentication Flaw Lets Remote Users Add Accounts and IDS Rules
|
|
SecurityTracker Alert ID: 1008338
|
|
CVE Reference: CAN-2003-0974
(Links to External Site)
|
Updated: Dec 2 2003
|
Original Entry Date: Nov 28 2003
|
Impact: Modification of user information, User access via network
|
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 1.4.5
|
Description: Two vulnerabilities were reported in Applied Watch Command Center in the authentication of commands. A remote user can add authorized users and can add intrusion detection rules.
It is reported that the server fails to authenticate certain messages, allowing a remote user to take certain actions on the system.
A
remote user can reportedly send a specially crafted message to the target system to add new users to a console without having to
first authenticate the message.
It is also reported that a remote user can send a specially crafted message to the system to
add a custom intrusion detection rule to all sensor nodes on the managed network. A remote user can exploit this flaw to, for example,
insert bogus rules to cause valid traffic to be detected as an intrusion, the report said.
Some demonstration exploits are available
in the original advisory.
The original advisory is available at:
http://www.bugtraq.org/advisories/_BSSADV-0000.txt
|
Impact: A remote user can add users to the system.
A remote user can add intrusion detection rules to the sensors.
|
Solution: The vendor has released a fixed version of Applied Watch Server (1.4.5), available at:
https://my.appliedwatch.com
|
Vendor URL: www.appliedwatch.com/subpage.php?page=products (Links to External Site)
|
Cause: Authentication error
|
Underlying OS: Linux (Any), UNIX (Any)
|
Reported By: Bugtraq Security Systems <research@bugtraq.org>
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
