Applied Watch Command Center Authentication Flaw Lets Remote Users Add Accounts and IDS Rules
Categorie: Vulnerability Posted: 2003-12-02 by ReCall Views: 392 Source: Click here
Current Rating: Not rated
Details
Description: Two vulnerabilities were reported in Applied Watch Command Center in the authentication of commands. A remote user can add authorized users and can add intrusion detection rules.
It is reported that the server fails to authenticate certain messages, allowing a remote user to take certain actions on the system.
A remote user can reportedly send a specially crafted message to the target system to add new users to a console without having to first authenticate the message.
It is also reported that a remote user can send a specially crafted message to the system to add a custom intrusion detection rule to all sensor nodes on the managed network. A remote user can exploit this flaw to, for example, insert bogus rules to cause valid traffic to be detected as an intrusion, the report said.
Some demonstration exploits are available in the original advisory.
