12-04-2007 12:26 PM
I'm running CiscoWorks RME4.0.5 on Solaris 9. I received the following in the security audit for the CiscoWorks server. Can someone tell me if it is safe to apply the recommended changes without hurting CiscoWorks functionality?
Thanks.
5.6.19 Sybase Information Disclosure
Observation: The remote database server is affected by an information disclosure vulnerability.
Tool Used: ISS Internet Scanner
Risk - Medium: The remote Sybase SQL Anywhere / Adaptive Server Anywhere database is configured to listen for client connection broadcasts, which allows an attacker to see the name and port that the Sybase SQL Anywhere / Adaptive Server Anywhere server is running on.
Ease of Exploit: Medium difficulty to execute.
Recommendations: Switch off broadcast listening via the '-sb' switch when starting Sybase.
12-04-2007 02:51 PM
Do NOT make any changes to the ASA configuration in LMS. I filed CSCsk35018 to get these changes incorporated into a release, and they should be part of LMS 3.1.
12-05-2007 07:12 AM
Joe
I'm not able to view the bug. Is it possible for you to post the content of the bug? Is there anything that can be done to make the security guys happy? I understand that the recommendation to "Switch off broadcast listening via the '-sb' switch when starting Sybase" is something that needs to be done in LMS and that we should not do that.
Thanks.
12-05-2007 08:11 AM
Symptom:
The CiscoWorks databases open UDP ports to listen for client broadcasts. The server can reply with information about the database port and engine name.
Conditions:
This occurs with the default database configuration for all CiscoWorks databases.
Workaround:
If possible, use access-lists or firewalls to restrict client access to the CiscoWorks server.
12-05-2007 12:05 PM
Any ETA for LMS 3.1?
12-05-2007 12:14 PM
Late spring, early summer of next year.