Date: Fri, 24 May 2002 13:42:07 -0500
From: [email protected]
To: [email protected], [email protected]Subject: Cisco IDS Device Manager 3.1.1 Advisory
--0__=86256BC30066470B8f9e8a93df938690918c86256BC30066470B
Content-type: text/plain; charset=us-ascii
On May 15th I discovered and reported a vulnerability to Cisco about their
IDS Device Manager software. On the 17th they issued this advisory to
everyone that downloaded the software. The vulnerability that I reported
was the Cisco IDS Device Manager Arbitrary File Read Access Vulnerability.
I provided the example URL of https://<sensor>/../../../../../etc/shadow to
Cisco TAC and to you guys at SecurityFocus. Cisco now has a fixed version
for IDS Device Manager, now at version 3.1.2. The url for the software is
at http://www.cisco.com/cgi-bin/tablebuild.pl/ids-appsens. The name of the
file is IDSk9-sp.3.1-2-S23.bin. Users that installed IDSk9-sp.3.1-1-S22.bin
will need to uninstall this service pack by typing the command
#IDSk9-sp.3.1-1-S22.bin -U before applying the new service pack.
Andrew Lopacki
Intrusion Analyst
AmSouth Bank
(See attached file: ids.txt.asc)
--0__=86256BC30066470B8f9e8a93df938690918c86256BC30066470B
Content-type: application/octet-stream;
name="ids.txt.asc"
Content-Disposition: attachment; filename="ids.txt.asc"
Content-transfer-encoding: base64
LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQoKRGVhciBDdXN0b21lciwKClRoZSBD
aXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkgSW5jaWRlbnQgUmVzcG9uc2UgVGVhbSBoYXMg
YmVlbiBub3RpZmllZAp0aGF0IHRoZSBJRFMgc2Vuc29yIHNlcnZpY2UgcGFjayB2ZXJzaW9uIDMu
MS4xIHNvZnR3YXJlIHJlbGVhc2UgaGFzIGEgCnNlY3VyaXR5IHZ1bG5lcmFiaWxpdHkgaW4gaXRz
IG5ld2x5IGludHJvZHVjZWQgd2ViIHNlcnZlciBjb21wb25lbnQuCgpUaGlzIHJlbGVhc2Ugd2Fz
IGF2YWlsYWJsZSBmcm9tIHRoZSBDaXNjbyBTb2Z0d2FyZSBDZW50ZXIgZnJvbSBGcmlkYXksIDIw
MDIKTWF5IDEwIHRvIFdlZG5lc2RheSwgMjAwMiBNYXkgMTUuIEFjY29yZGluZyB0byBvdXIgZG93
bmxvYWQgbG9ncywgd2UgYmVsaWV2ZQp5b3UgbWF5IGhhdmUgZG93bmxvYWRlZCB0aGlzIHZ1bG5l
cmFibGUgcmVsZWFzZSB3aXRoIHRoZSBmaWxlbmFtZQoiSURTazktc3AtMy4xLTEtUzIyLmJpbiIg
ZHVyaW5nIHRoYXQgcGVyaW9kLgoKVGhlIHZ1bG5lcmFiaWxpdHkgaW4gdGhlIHdlYiBzZXJ2ZXIg
ZmVhdHVyZSBvZiB0aGUgcmVsZWFzZSBhbGxvd3MgY2VydGFpbgpVUkxzIHRvIGdhaW4gdW5hdXRo
b3JpemVkIHZpZXcgYWNjZXNzIHRvIGZpbGVzIG9uIHRoZSBmaWxlIHN5c3RlbS4KCgpJZiB5b3Ug
aGF2ZSBhbHJlYWR5IHVwZ3JhZGVkIHRvIHRoaXMgcmVsZWFzZSB5b3UgaGF2ZSB0d28gb3B0aW9u
cy4KCkEpIElmIHlvdSBzdGlsbCB3YW50IHRvIHVzZSB0aGUgd2ViIHNlcnZlciBmZWF0dXJlIHRo
ZW4gbmFycm93IGRvd24gdGhlIElQCmFkZHJlc3NlcywgdGhhdCB3aWxsIGJlIGFsbG93ZWQgdG8g
Y29ubmVjdCB0byB0aGUgZGV2aWNlLCB2aWEgdGhlIEFDTCBieSAKZm9sbG93aW5nIHRoZSBzdGVw
cyBiZWxvdzoKICAxKSBMb2cgaW4gdG8gdGhlIHNlbnNvciBhcyByb290IGFuZCBydW4gJ3N5c2Nv
bmZpZy1zZW5zb3InLgogIDIpIFNlbGVjdCBvcHRpb24gJzUnIC0gRm9sbG93IG9uLXNjcmVlbiBp
bnN0cnVjdGlvbnMgdG8gc2V0dXAgeW91ciBBQ0wKICAzKSBFeGl0IG91dCBvZiBzeXNjb25maWct
c2Vuc29yLgpOb3RlOiBUaGlzIHdpbGwgbm90IHByb3RlY3QgYWdhaW5zdCBzcG9vZmVkIHBhY2tl
dHMgYnV0IHdpbGwgcHJldmVudCB0aGUgCiAgICAgIGNhc3VhbCBicm93c2VyIGZyb20gZXhwbG9p
dGluZyB0aGUgdnVsbmVyYWJpbGl0eS4KCkIpIERpc2FibGUgdGhlIHdlYiBzZXJ2ZXIgYnkgZm9s
bG93aW5nIHRoZSBzdGVwcyBiZWxvdzoKICAxKSBMb2cgaW4gdG8gdGhlIHNlbnNvciBhcyByb290
IGFuZCBydW4gJ3N5c2NvbmZpZy1zZW5zb3InLgogIDIpIFNlbGVjdCBvcHRpb24gJzExJyAtIElE
UyBEZXZpY2UgTWFuYWdlcicgYW5kIHRvZ2dsZSB0aGUgQ3VycmVudCBNb2RlIHRvCiAgICAgRGlz
YWJsZS4KICAzKSBFeGl0IG91dCBvZiBzeXNjb25maWctc2Vuc29yLgogIDQpIFJ1biAnY2lkU2Vy
dmVyIHZlcnNpb24nIHRvIHZlcmlmeSB0aGF0IHRoZSB3ZWIgc2VydmVyIGlzIG5vdCBydW5uaW5n
LgoKU3RlcCBieSBzdGVwIGluc3RydWN0aW9uIGZvciB0aGUgYWJvdmUgdHdvIG9wdGlvbnMgYXJl
IGFsc28gYXZhaWxhYmxlIGF0IApodHRwOi8vd3d3LmNpc2NvLmNvbS91bml2ZXJjZC9jYy90ZC9k
b2MvcHJvZHVjdC9pYWFidS9jc2lkcy9jc2lkczgvMTM4NzBfMDEuaHRtCgoKVGhlIGNvcnJlY3Rl
ZCBzb2Z0d2FyZSByZWxlYXNlIG9mIHRoZSBzZW5zb3Igc2VydmljZSBwYWNrIGhhdmluZyBhIG5l
dwp2ZXJzaW9uIDMuMS4yIGFuZCB3aXRoIHRoZSBmaWxlbmFtZSAiSURTazktc3AtMy4xLTItUzIz
LmJpbiIgd2lsbCBiZQphdmFpbGFibGUgZm9yIGRvd25sb2FkIGZyb20gdGhlIENpc2NvIFNvZnR3
YXJlIENlbnRlciBieSBTYXR1cmRheSwgMjAwMiBNYXkKMTggMDA6MDAgR01ULgoKV2UgcmVncmV0
IGFueSBhZ2dyYXZhdGlvbiBvciBpbmNvbnZlbmllbmNlIHRoYXQgdGhpcyBlcnJvciBtYXkgaGF2
ZSBjYXVzZWQKeW91LiBQbGVhc2UgdGFrZSB0aGUgbmVjZXNzYXJ5IHN0ZXBzIHRvIHByb3RlY3Qg
eW91cnNlbGYgZnJvbSB0aGlzCnZ1bG5lcmFiaWxpdHkuCgpGb3IgY3VzdG9tZXIgc3VwcG9ydCBp
bmZvcm1hdGlvbiByZWdhcmRpbmcgQ2lzY28gc29mdHdhcmUgcHJvZHVjdHMsIHBsZWFzZQpjb250
YWN0IHRoZSBDaXNjbyBUZWNobmljYWwgQXNzaXN0YW5jZSBDZW50ZXIgKFRBQykgYnkgZS1tYWls
IHRvCiJ0YWNAY2lzY28uY29tIiBvciBieSB0ZWxlcGhvbmUgdG8gKDgwMCk1NTMtMjQ0NyAoKzEg
NDA4IDUyNiA3MjA5IGlmIGNhbGxpbmcKZnJvbSBvdXRzaWRlIE5vcnRoIEFtZXJpY2EpLiAgQWRk
aXRpb25hbCBUQUMgY29udGFjdCBpbmZvcm1hdGlvbiBjYW4gYmUgZm91bmQKYXQgaHR0cDovL3d3
dy5jaXNjby5jb20vd2FycC9wdWJsaWMvNjg3L0RpcmVjdG9yeS5zaHRtbCAuCgpQbGVhc2UgZGly
ZWN0IGNvbW1lbnRzIGFuZCBxdWVzdGlvbnMgcmVnYXJkaW5nIHRoZSBjb250ZW50IG9mIHRoaXMg
bm90aWNlIHRvCnRoZSBDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkgSW5jaWRlbnQgUmVz
cG9uc2UgVGVhbSB2aWEgZS1tYWlsIHRvCiJwc2lydEBjaXNjby5jb20iLiAgRnVydGhlciBpbmZv
cm1hdGlvbiBvbiBDaXNjbydzIHJlc3BvbnNlIHRvIHByb2R1Y3QKc2VjdXJpdHkgaXNzdWVzIGFu
ZCBjdXN0b21lciBzZWN1cml0eSBpbmNpZGVudHMgY2FuIGJlIGZvdW5kIGF0Cmh0dHA6Ly93d3cu
Y2lzY28uY29tL2dvL3BzaXJ0IC4KClNpbmNlcmVseSwKCkNpc2NvIFN5c3RlbXMgUHJvZHVjdCBT
ZWN1cml0eSBJbmNpZGVudCBSZXNwb25zZSBUZWFtCmh0dHA6Ly93d3cuY2lzY28uY29tL2dvL3Bz
aXJ0CgotLS0tLUJFR0lOIFBHUCBTSUdOQVRVUkUtLS0tLQpWZXJzaW9uOiBQR1AgNi41LjgKQ29t
bWVudDogU2lnbmVkIGJ5IFNoYXJhZCBBaGxhd2F0LCBDaXNjbyBTeXN0ZW1zIFBTSVJUCgppUUVW
QXdVQlBPUWdWUS9WTEorYnVkVFRBUUdUUkFnQWlpYjY3a2g5TkhJNXdIbkI0eDQxVWdGdFAyMHFV
dnR4CkYwNWtQZkhsaDRSM1ZkUU84Tk45YUFnY2Zocldnc3dUYzBvNlM5MUpUeGx5TVVSUDZPbUc0
ME1lbndnMkUyYjEKUHIxaXNBQ1Vua2ZyUjErWWhXWlNaL1QrTFB2UFlnSGNJQTU0dkh5UTJxQlNP
N3V3NW4weFRNNWFPWk12TmNneApudEpKNGRRT0Y4L2wzbDFDK0NHVFRUbkZ0U01McVJIOUlDM2pa
Y3BFd3R5dmI1Q01GV2VPZ04zVXcrdTZrZHNoCi9waG1LZXpSNVBWejRPb2dKL01HSllnOHZna2tY
Qyt0SU01eERqNmdHeDNiYUFFbzdJMm9ycStDbDV2dkkwV1cKUjgrSUpIaE5NNFpDa2toajJUR0FP
eW9qMFRkRWJBZTZNbFIxNEQzS1NOZ24wMzl6SGdzWCt3PT0KPUZpTTEKLS0tLS1FTkQgUEdQIFNJ
R05BVFVSRS0tLS0tCg==
--0__=86256BC30066470B8f9e8a93df938690918c86256BC30066470B--
