Cisco User-Changeable Password Vulnerabilities

Category: Alerts
Friday, 14 March 2008 11:28
Affected Operating Systems: Cisco IOS
Affected Applications: Undefined

Vulnerabilities have been identified in Cisco User-Changeable Password (UCP). They could be exploited by remote attackers to execute arbitrary scripting code, cause a denial of service, or take complete control of the affected system.

The first vulnerability is caused by buffer overflow errors in the HTTP interface when it processes excessively long arguments (for example "logout", "Main" or "ChangePass") passed to the "CSuserCGI.exe" script. The second vulnerability is caused by an input validation error in the HTTP interface when it processes the "HELP" parameter.
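As an added example that is not part of this alert or of Cisco's advisory, the following Python check scans constructed web-server log lines for the two request shapes described above: an oversized "logout", "Main" or "ChangePass" argument sent to CSuserCGI.exe, and a "HELP" parameter carrying HTML or script markup. The CGI path, the W3C-style log layout, the 256-byte length threshold and the treatment of the arguments as query-string parameters are assumptions of this example, not details from the page.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# CSuserCGI.exe, the argument names and HELP come from the alert; the path,
# log format, threshold and query-string layout below are assumptions.
CGI_NAME = "csusercgi.exe"
OVERFLOW_ARGS = {"logout", "main", "changepass"}
MAX_ARG_LEN = 256                     # assumed: longer values are treated as suspect
MARKUP_RE = re.compile(r"<\s*/?\s*\w+|javascript:|on\w+\s*=", re.I)

def inspect_url(url):
    """Return findings for one request URL; an empty list means nothing flagged."""
    parts = urlsplit(url)
    if CGI_NAME not in parts.path.lower():
        return []
    findings = []
    # parse_qsl URL-decodes values, so length and markup checks see the real payload
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        key = name.lower()
        if key in OVERFLOW_ARGS and len(value) > MAX_ARG_LEN:
            findings.append(f"oversized '{name}' argument: {len(value)} bytes")
        if key == "help" and MARKUP_RE.search(value):
            findings.append("HELP parameter contains HTML/script markup")
    return findings

def scan_w3c_log(lines):
    """Scan W3C-style lines 'date time c-ip method uri-stem uri-query status'.
    Returns (client_ip, uri_stem, findings) for each flagged request."""
    hits = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue                   # skip blank and directive lines
        fields = line.split()
        if len(fields) < 7:
            continue                   # malformed record
        client_ip, stem, query = fields[2], fields[4], fields[5]
        url = stem if query == "-" else f"{stem}?{query}"
        findings = inspect_url(url)
        if findings:
            hits.append((client_ip, stem, findings))
    return hits

# Constructed sample log, not real traffic; the CGI path is an assumption.
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2008-03-14 11:28:01 192.0.2.10 GET /securecgi-bin/CSuserCGI.exe Main=ChangePass 200",
    "2008-03-14 11:28:02 192.0.2.77 GET /securecgi-bin/CSuserCGI.exe logout=" + "A" * 300 + " 200",
    "2008-03-14 11:28:03 192.0.2.78 GET /securecgi-bin/CSuserCGI.exe HELP=%3Cscript%3Etest%3C%2Fscript%3E 200",
    "2008-03-14 11:28:04 192.0.2.10 GET /index.html - 200",
]
```

Running `scan_w3c_log(SAMPLE_LOG)` flags only the second and third records; the ordinary "Main=ChangePass" request and the non-CGI request pass unflagged.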
Cisco Security Advisory: Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities

Document ID: 100519
Advisory ID: cisco-sa-20080312-ucp
http://www.cisco.com/warp/public/707/cisco-sa-20080312-ucp.shtml

Summary

Two sets of vulnerabilities were discovered in the Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application and reported to Cisco by Felix "FX" Lindner, Recurity Labs GmbH.

The first set of vulnerabilities address several buffer overflow conditions in the UCP application that could result in remote execution of arbitrary code on the host system where UCP is installed.

The second set of vulnerabilities address cross-site scripting in the UCP application pages.

Both sets of vulnerabilities could be remotely exploited, and do not require valid user credentials.

Cisco has released a free software update for UCP that addresses these vulnerabilities.

There are no workarounds that mitigate these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080312-ucp.shtml.

Obtaining Fixed Software

Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.