What You Don’t Know Can Hurt You -- Microsoft Certified Professional Magazine Online

What You Don’t Know Can Hurt You

Vulnerabilities in products from Cisco, Sun Java and Nagios can help hackers into systems via less obvious methods if IT doesn't think creatively.

By Russ Cooper
12/03/2007

In information security, "what you don't know can hurt you" is a glaringly obvious statement to make, and the problems we don’t know about are sometimes less obvious than we imagine. Here’s a good set of examples:

Still Using Default Password in Cisco WCS?
Cisco Wireless Control System (WCS) includes a utility to convert a Cisco Wireless LAN Solution Engine (WLSE) into a WCS. The utility defines a default Linux root password in addition to a WCS root password. Upon completion of the conversion, the utility fails to remove or prompt to change the default Linux root password. As such, a considerable number of WCS systems that were upgraded from WLSE may have the same, widely known Linux root password. Updates are available.

Did you verify that the Linux root password was changed to something you specified after the conversion? You weren’t prompted to do this. If you did change it, congrats!

Breaking Sun Java's XSLT Stylesheet
The Java System Portal Server is a community-based environment that allows dynamic participation and collaboration. However, in the handling of XLST transformations -- specifically in how the Portal Server deals with Digital Signature elements in XML files -- a criminal could cause code of his or her choice to execute in the context of the victim user. Patches are available.

Do you know what the format of the digital signature element should look like? Are you vetting XML files, like you’d vet anything else submitted to a shared site? It would be trivial to have any uploaded files pass through regex filters that ensured the content was, at least, of a valid length.

Want More Security?

This column was originally published in our weekly Security Watch newsletter. To subscribe, click here.

Flaw with Nagios Plugins Location Header Validation
Nagios Plugins, the individual monitoring check and response modules for the Enterprise managing tool Nagios, contains a buffer overflow. In particular, this vulnerability affects how Nagios Plugins handles the HTTP response it may receive. If that response contains an overly long "Location" value, as part of a redirection, the module’s buffer could be exploited to allow a criminal’s code to execute. Updates are available.

You might say to yourself, “Well hey, I can’t be exploited because the only sites I monitor with Nagios are my own sites!" Great, but what if one were to be compromised, and a criminally crafted Location header is added to the HTTP responses it sends -- especially if one you’re monitoring is in a hosting facility!

So, consider these examples as exercises in thinking outside the box.

About the Author

Russ Cooper is a senior information security analyst with Verizon Business, Inc. He's also founder and editor of NTBugtraq, www.ntbugtraq.com, one of the industry's most influential mailing lists dedicated to Microsoft security. One of the world's most-recognized security experts, he's often quoted by major media outlets on security issues.