Next Page >>
management console
2. Reboot to activate the new settings by using the following command:
shell# reboot
Changing the Management Console Username and Password
+----------------------------------------------------
Complete these steps:
1. Open the following file in a text editor:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Onapsis Security Advisory 2010-007: SAP Management Console Multiple Denial of Service
This advisory can be downloaded in PDF format from http://www.onapsis.com/research.html.
By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Onapsis Security Advisory 2011-001: SAP Management Console Unauthenticated Service Restart
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Onapsis Security Advisory 2011-002: SAP Management Console Information Disclosure
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences.
http://labs.idefense.com/intelligence/vulnerabilities/
Apr 28, 2009
I. BACKGROUND
Symantec System Center is an MMC (Microsoft Management Console) snap-in
that allows an administrator to remotely manage Symantec products. The
Symantec System Center comes bundled with several Symantec products,
including Symantec Client Security and Symantec AntiVirus. It contains
an optional component called the Alert Management System Console. This
component starts a service (Intel File Transfer) that listens on TCP
#######################################################################
Luigi Auriemma
Application: MicroWorld eScan Server (aka eScan Management Console)
http://www.mwti.net
Versions: <= 9.0.742.98
Platforms: Windows
Bug: directory traversal
Exploitation: remote
ZDI-11-130: CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-130
April 13, 2011
-- CVE ID:
CVE-2011-1653
-- CVSS:
More information is available from McAfee at:
McAfee Security Bulletin SB10004
Intrushield NSM update fixes XSS flaw
https://kc.mcafee.com/corporate/index?page=content&id=SB10004
Follow best practices of placing the security management console on a segregated management network. Apply restrictive, default-deny firewall policies to protect these assets from access by unauthorized users.
Do not perform administrative access of security management consoles from computers exposed to the Internet through web browsing, email, and other applications. Lock down and heavily monitor systems used to perform administrative tasks such as accessing security management consoles.
Details
More information is available from McAfee at:
McAfee Security Bulletin SB10005
Intrushield NSM update fixes Session Hijacking flaw
https://kc.mcafee.com/corporate/index?page=content&id=SB10005
Follow best practices of placing the security management console on a segregated management network. Apply restrictive, default-deny firewall policies to protect these assets from access by unauthorized users.
Do not perform administrative access of security management consoles from computers exposed to the Internet through web browsing, email, and other applications. Lock down and heavily monitor systems used to perform administrative tasks such as accessing security management consoles.
Details
F5 BIG-IP Web Management Console XSS
Product: F5 BIG-IP
http://www.f5.com/products/big-ip/
The F5 BIG-IP web management interface contains a potentially persistent cross-site scripting vulnerability in the "Console" feature. Output from executed console commands is wrapped in <t_extarea> [intentionally misspelled] so the content is displayed verbatim but there is no protection against forced premature termination of the textarea block with an injected </t_extarea> tag.
Example command output with the exploit:
1. IBM Tivoli Provisioning Manager Express Multiple Cross-Site
Scripting Vulnerabilities
2. IBM Tivoli Provisioning Manager Express Remote Username
Enumeration Weakness
3. Computer Associates eTrust Threat Management Console
IP Address HTML Injection Weakness
4. Gadu-Gadu Skin Attribute Handling Remote Denial of Service
Vulnerability
5. Gadu-Gadu Remote User Addition Vulnerability
PR07-29: Two XSS on Blue Coat ProxySG Management Console
Vulnerability found: 23 July 2007
Vendor informed: 20 August 2007
Vulnerability fixed: 29 October 2007
Advisory publicly released: 1 November 2007
would also be able to easily capture the full credentials to access
the VM with a specially crafted XSS payload.
(e) Remote code execution
JBoss JMX Management Console is exposed and can be used by remote attackers to
execute arbitrary commands on the system:
http://server:9080/jmx-console/
JBoss Web Console is exposed as well and can be used by remote attackers to
-- Affected Vendors:
Cisco
-- Affected Products:
Cisco Security Agent Management Console
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Cisco Security Agent Management Console.
Authentication is not required to exploit this vulnerability.
http://www.serv-u.com
Versions: <= 11.1.0.3
Platforms: Windows, Linux
bug B should affect only some Windows versions
Bugs: A] sockets and ports consumption
B] possible access to the management console
Exploitation: remote
Date: 03 Dec 2011
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
------------------------------------------------------------------
4. Affected Products:
Unidesk Management Console version 1.3.0 and prior.
------------------------------------------------------------------
5. Solution: Upgrade to version 1.4.0
The folders that contain help systems are:
o Administrative UI Help:
<policy server home>\admin\help
o Policy Server Management Console Help:
<policy server home>\bin\smconsole-help
o SiteMinder Test Tool Help:
<policy server home>\bin\smtest-help
Vulnerability:
The web management interface of Citrix NetScaler stores the user's credentials in an encrypted form in the cookie, namely values ns1 and ns2. In addition the cookie contains other encrypted information in values ns3, ns4, and ns5. Since the encryption is a simple XOR with a fixed key stream it is possible to determine parts of the key stream by XOR'ing a known plaintext with its corresponding ciphertext. This in turn allows the attacker to recover the plaintext form of the user's credentials by applying the key stream to cookie values ns1 and ns2. Furthermore, the cipher does not in any way pad the plaintext before it gets encrypted so the length of the ciphertext is equal to the length of the plaintext, which also provides a clue about the plaintext.
There are several approaches to obtain the ciphertext for some known plaintext:
* Log into the management console with the attacker's own credentials (if the attacker is a configured user, even with minimal privileges) and analyze his own cookie.
* Make an educated guess about the username contained in ns1. (As an example, the default root user on NetScaler is "nsroot".)
* Make an educated guess about the device hostname or IP address, which is contained in ns3. (As an example, the "main" IP address is stored unencrypted in cookie value "domain". This is a minor vulnerability all by itself.)
* Use cookie value ns4, which is an encrypted value of "NS".
* Use cookie value ns5, which is an encrypted value of either "true" or "false".
F5 BIG-IP Web Management Console CSRF
Product: F5 BIG-IP
http://www.f5.com/products/big-ip/
By design the F5 BIG-IP web management interface allows a logged-in user with Resource Manager or Administrator privileges to execute an arbitrary bigpipe shell command through the web "Console" feature. It is possible to craft URL links that would execute the command with a simple HTTP GET request. Cross-site attacks may leverage this functionality to reconfigure the BIG-IP appliance, including creating new administrators.
Acronis Group Server is a component of Acronis True Image Echo Server
(Workstation and Enterprise packages) which "allows the viewing and
managing of backup tasks for all systems in the network from the
Acronis Management Console".
#######################################################################
======
ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-134
April 13, 2011
-- CVE ID:
CVE-2011-1653
-- CVSS:
Exploitation of these vulnerabilities results in arbitrary code
execution with SYSTEM privileges.
The OVTrace service, while not crucial to normal operations, is started
by default. The OVTrace service is also present on systems that have
only the management console installed as well as systems that have a
full installation of the server and console installed.
IV. DETECTION
iDefense has confirmed the existence of these vulnerabilities in HP
This vulnerability allows remote attackers to upload arbitrary files on
vulnerable installations of Novell Access Manager. Authentication is not
required to exploit this vulnerability.
The specific flaw exists within the PortalModuleInstallManager component
of the Novell Management Console which exists within the servlet located
within nps.jar. Due to a failure to sanitize '../' directory traversal
modifiers from a parameter an attacker can specify any filename to
upload arbitrary contents into. Successful exploitation can result in
code execution under the context of the service.
======================================================================
3) Vendor's Description of Software
"HP Power Manager is a web-based application that enables
administrators to manage an HP UPS from a browser-based management
console. ... A familiar browser interface provides secure access to
Management Servers anywhere on the network."
Product Link:
http://h18000.www1.hp.com/products/servers/proliantstorage/power-
protection/software/power-manager/index.html
======================================================================
3) Vendor's Description of Software
"HP Power Manager is a web-based application that enables
administrators to manage an HP UPS from a browser-based management
console. ... A familiar browser interface provides secure access to
Management Servers anywhere on the network."
Product Link:
http://h18000.www1.hp.com/products/servers/proliantstorage/power-
protection/software/power-manager/index.html
Introduction
In our earlier "ZyXEL Gateways Vulnerability Research" paper[1], we
introduced a new technique: SNMP injection a.k.a. persistent HTML
injection via SNMP. Such a technique allowed us to cause a persistent
HTML injection condition on the web management console of several ZyXEL
Prestige router models.
Provided that an attacker has guessed or cracked the write SNMP
community string of a device, he/she would be able to inject malicious
code into the administrative web interface by changing the values of
ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-132
April 13, 2011
-- CVE ID:
CVE-2011-1653
-- CVSS:
F5 BIG-IP Web Management Console CSRF
Product: F5 BIG-IP
http://www.f5.com/products/big-ip/
By design the F5 BIG-IP web management interface allows a logged-in user with Resource Manager or Administrator privileges to execute an arbitrary bigpipe shell command through the web "Console" feature. It is possible to craft URL links that would execute the command with a simple HTTP GET request. Cross-site attacks may leverage this functionality to reconfigure the BIG-IP appliance, including creating new administrators.
ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-133
April 13, 2011
-- CVE ID:
CVE-2011-1653
-- CVSS:
CA Gateway Security 9.0
How to determine if the installation is affected
- From the CA Gateway Security Management Console, select About to view
version information. If the version displayed is less than 8.1.0.69,
the installation is vulnerable.
Solution
Next Page>>
|
