Vulnerability Note VU#173009

Snare Agent web interface cross-site request forgery vulnerabilities

Overview

The Snare Agent web interface is susceptible to cross-site request forgery attacks.

I. Description

The web interface allows the administrator to manage several agent settings, including changing the listening port and password. These HTTP requests do not perform proper validity checks and are susceptible to a cross-site request forgery attack.

The vulnerability is reported in the following products and versions:

Snare for Solaris 3.2.3 and prior
Snare for Windows 3.1.7 and prior
Snare for Linux 1.5.0 and prior
Snare for AIX 1.5.0 and prior
Snare for Irix 1.4 and prior
Epilog for Windows 1.5.3 and prior
Epilog for Unix version 1.2 and prior

II. Impact

An attacker can change several agent settings, such as the password or listening port, if able to trick an administrator into visiting a specially crafted link.

III. Solution

The vendor has released patched versions of the agent to remediate this issue.

Vendor Information

Vendor	Status	Date Notified	Date Updated
InterSect Alliance	Affected		2010-07-01

References

http://holisticinfosec.org/content/view/144/45/
http://secunia.com/advisories/39562
http://www.intersectalliance.com/projects/index.html

Credit

Thanks to Russ McRee for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

Date Public:	2010-06-29
Date First Published:	2010-06-29
Date Last Updated:	2010-07-01
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	0.00
Document Revision:	15

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2010 by US-CERT, a government organization
Disclaimers and copyright information Get a PDF Reader