CiscoWorks and sybase information disclosure

nawas
Level 4

I'm running CiscoWorks RME4.0.5 on Solaris 9. I received the following in the security audit for CiscoWorks server. Can someone tell me if it is safe to apply the recommended changes without hurting CiscoWorks functionality?

Thanks.

5.6.19 Sybase Information Disclosure

Observation: The remote database server is affected by an information disclosure vulnerability.

Tool Used: ISS Internet Scanner

Risk - Medium: The remote Sybase SQL Anywhere / Adaptive Server Anywhere database is configured to listen for client connection broadcasts, which allows an attacker to see the name and port that the Sybase SQL Anywhere / Adaptive Server Anywhere server is running on.

Ease of Exploit: Medium difficulty to execute.

Recommendations: Switch off broadcast listening via the '-sb' switch when starting Sybase.

5 Replies

Joe Clarke
Cisco Employee

Do NOT make any changes to the ASA configuration in LMS. I filed CSCsk35018 to get these changes incorporated into a release, and they should be part of LMS 3.1.

Joe

I'm not able to view the bug. Is it possible that you can post the content of the bug? Is there anything that can be done to make the security guys happy? I understand that the recommendation to "Switch off broadcast listening via the '-sb' switch when starting Sybase" is something that needs to be done in LMS and we should not do that.

Thanks.

Symptom:

The CiscoWorks databases open UDP ports to listen for client broadcasts. The server can reply with information about the database port and engine name.

Conditions:

This occurs with the default database configuration for all CiscoWorks databases.

Workaround:

If possible, use access-lists or firewalls to restrict client access to the CiscoWorks server.

Any ETA for LMS 3.1?

Late spring, early summer of next year.
