Vulnerability Note VU#173009

Snare Agent web interface cross-site request forgery vulnerabilities

Original Release date: 29 Jun 2010 | Last revised: 01 Jul 2010

Overview

The Snare Agent web interface is susceptible to cross-site request forgery attacks.

Description

The web interface allows the administrator to manage several agent settings, including changing the listening port and password. These HTTP requests do not perform proper validity checks and are susceptible to a cross-site request forgery attack.

The vulnerability is reported in the following products and versions:

  • Snare for Solaris 3.2.3 and prior
  • Snare for Windows 3.1.7 and prior
  • Snare for Linux 1.5.0 and prior
  • Snare for AIX 1.5.0 and prior
  • Snare for Irix 1.4 and prior
  • Epilog for Windows 1.5.3 and prior
  • Epilog for Unix version 1.2 and prior

Impact

An attacker can change several agent settings, such as the password or listening port, if able to trick an administrator into visiting a specially crafted link.

Solution

The vendor has released patched versions of the agent to remediate this issue.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
InterSect AllianceAffected-01 Jul 2010
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Russ McRee for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: Unknown
  • Date Public: 29 Jun 2010
  • Date First Published: 29 Jun 2010
  • Date Last Updated: 01 Jul 2010
  • Document Revision: 15

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.