Cisco Support Community
Community Member

CiscoWorks and sybase information disclosure

I'm running CiscoWorks RME4.0.5 on Solaris 9. I received the following in the security audit for the CiscoWorks server. Can someone tell me if it is safe to apply the recommended changes without hurting CiscoWorks functionality?

Thanks.

5.6.19 Sybase Information Disclosure

Observation: The remote database server is affected by an information disclosure vulnerability.

Tool Used: ISS Internet Scanner

Risk - Medium: The remote Sybase SQL Anywhere / Adaptive Server Anywhere database is configured to listen for client connection broadcasts, which allows an attacker to see the name and port that the Sybase SQL Anywhere / Adaptive Server Anywhere server is running on.

Ease of Exploit: Medium difficulty to execute.

Recommendations: Switch off broadcast listening via the '-sb' switch when starting Sybase.

5 REPLIES
Cisco Employee

Re: CiscoWorks and sybase information disclosure

Do NOT make any changes to the ASA configuration in LMS. I filed CSCsk35018 to get these changes incorporated into a release, and they should be part of LMS 3.1.

Community Member

Re: CiscoWorks and sybase information disclosure

Joe

I'm not able to view the bug. Is it possible for you to post the content of the bug? Can anything be done to make the security guys happy? I understand that the recommendation to "Switch off broadcast listening via the '-sb' switch when starting Sybase" is something that needs to be done in LMS, and we should not do that.

Thanks.

Cisco Employee

Re: CiscoWorks and sybase information disclosure

Symptom:

The CiscoWorks databases open UDP ports to listen for client broadcasts. The server can reply with information about the database port and engine name.

Conditions:

This occurs with the default database configuration for all CiscoWorks databases.

Workaround:

If possible, use access-lists or firewalls to restrict client access to the CiscoWorks server.

Blue

Re: CiscoWorks and sybase information disclosure

Any ETA for LMS 3.1?

Cisco Employee

Re: CiscoWorks and sybase information disclosure

Late spring, early summer of next year.
