
CERT Coordination Center

Snare Agent web interface cross-site request forgery vulnerabilities

Vulnerability Note VU#173009

Original Release Date: 2010-06-29 | Last Revised: 2010-07-01

Overview

The Snare Agent web interface is susceptible to cross-site request forgery attacks.

Description

The web interface allows the administrator to manage several agent settings, including changing the listening port and password. These HTTP requests do not perform proper validity checks and are susceptible to a cross-site request forgery attack.

The vulnerability is reported in the following products and versions:

    • Snare for Solaris 3.2.3 and prior
    • Snare for Windows 3.1.7 and prior
    • Snare for Linux 1.5.0 and prior
    • Snare for AIX 1.5.0 and prior
    • Snare for Irix 1.4 and prior
    • Epilog for Windows 1.5.3 and prior
    • Epilog for Unix version 1.2 and prior

Impact

An attacker can change several agent settings, such as the password or listening port, if able to trick an administrator into visiting a specially crafted link.
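The Description and Impact sections above describe the classic shape of the flaw: a settings request is accepted on the strength of the administrator's session cookie alone, which the browser attaches to any request, including one triggered by a crafted link. The following added example is not Snare's code and is not from the vendor; it is a constructed, minimal "update agent settings" handler written for this note, showing the vulnerable pattern beside a hardened one that requires POST, checks the request origin, and validates a per-session anti-CSRF token. The handler names, the `session` cookie, the `csrf_token` field, the session store and the agent origin `http://agent.local:6161` are all assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Constructed demo, not Snare's code: a minimal "update agent settings" handler
# in the vulnerable form (session cookie only) and a hardened form.
# Handler, cookie, form-field names and the agent origin are assumptions.

SERVER_SECRET = secrets.token_bytes(32)           # per-process key for token derivation
SESSIONS: Dict[str, str] = {"sess-abc": "admin"}  # constructed session store: cookie -> user
AGENT_ORIGIN = "http://agent.local:6161"          # assumed origin the web UI is served from


@dataclass
class Request:
    method: str
    cookies: Dict[str, str] = field(default_factory=dict)
    params: Dict[str, str] = field(default_factory=dict)   # query or form fields
    headers: Dict[str, str] = field(default_factory=dict)


@dataclass
class AgentConfig:
    listen_port: int = 6161
    password: str = "initial"


def csrf_token_for(session_id: str) -> str:
    """Per-session anti-CSRF token: HMAC of the session id under a server secret."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def _apply(cfg: AgentConfig, params: Dict[str, str]) -> Optional[str]:
    """Apply the submitted settings; return an error string or None on success."""
    if "listen_port" in params:
        try:
            port = int(params["listen_port"])
        except ValueError:
            return "listen_port must be an integer"
        if not 1 <= port <= 65535:
            return "listen_port out of range"
        cfg.listen_port = port
    if "password" in params:
        cfg.password = params["password"]
    return None


def vulnerable_update(cfg: AgentConfig, req: Request) -> Tuple[int, str]:
    """Vulnerable pattern: any request carrying a valid session cookie is applied,
    regardless of method, origin or token. Browsers attach the cookie to a
    cross-site request automatically, so a forged request succeeds."""
    if SESSIONS.get(req.cookies.get("session", "")) is None:
        return 401, "login required"
    err = _apply(cfg, req.params)
    return (400, err) if err else (200, "updated")


def _same_origin(value: str, allowed: str) -> bool:
    """Compare scheme and host:port exactly; a missing or unparsable value fails."""
    a, b = urlsplit(value), urlsplit(allowed)
    return a.scheme != "" and (a.scheme, a.netloc) == (b.scheme, b.netloc)


def hardened_update(cfg: AgentConfig, req: Request) -> Tuple[int, str]:
    """Hardened pattern: state changes only via POST, only from the UI's own
    origin, and only with a per-session token a third-party page cannot read."""
    if req.method != "POST":
        return 405, "settings changes require POST"
    sid = req.cookies.get("session", "")
    if SESSIONS.get(sid) is None:
        return 401, "login required"
    # Browsers set Origin (or at least Referer) on cross-site form posts; fail closed if absent.
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not _same_origin(origin, AGENT_ORIGIN):
        return 403, "cross-site request rejected"
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    supplied = req.params.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, csrf_token_for(sid).encode()):
        return 403, "missing or invalid CSRF token"
    err = _apply(cfg, req.params)
    return (400, err) if err else (200, "updated")


def demo() -> Dict[str, object]:
    """Run constructed requests through both handlers and collect the outcomes."""
    sid = "sess-abc"
    # Constructed forged request: the logged-in admin's browser follows a crafted
    # link, so the session cookie is attached; no token, foreign Referer.
    forged_get = Request("GET", cookies={"session": sid},
                         params={"listen_port": "9999"},
                         headers={"Referer": "http://attacker.example/page"})
    # Same change submitted as a POST from a third-party page: Origin gives it away.
    forged_post = Request("POST", cookies={"session": sid},
                          params={"listen_port": "9999"},
                          headers={"Origin": "http://attacker.example"})
    # Legitimate change from the UI itself, carrying the per-session token.
    legit = Request("POST", cookies={"session": sid},
                    params={"listen_port": "6162", "csrf_token": csrf_token_for(sid)},
                    headers={"Origin": AGENT_ORIGIN})
    out: Dict[str, object] = {}
    v = AgentConfig()
    out["vulnerable_forged_get"] = vulnerable_update(v, forged_get)[0]
    out["vulnerable_port"] = v.listen_port                  # 9999: the forged change landed
    h = AgentConfig()
    out["hardened_forged_get"] = hardened_update(h, forged_get)[0]
    out["hardened_forged_post"] = hardened_update(h, forged_post)[0]
    out["hardened_port_after_forgeries"] = h.listen_port    # still 6161
    out["hardened_legit"] = hardened_update(h, legit)[0]
    out["hardened_port_after_legit"] = h.listen_port        # 6162
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The three checks are layered deliberately: the POST requirement removes the "specially crafted link" vector by itself, the origin check rejects cross-site form posts even when a token implementation is wrong, and the token check is the control that does not depend on browser header behaviour. A patched agent should fail closed on all three; the test in `demo()` confirms the forged requests leave the listening port untouched while the legitimate one goes through.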

Solution

The vendor has released patched versions of the agent to remediate this issue.

Vendor Information


InterSect Alliance

Updated: July 01, 2010

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

A patched version has been released to remediate this vulnerability.

Vendor References


CVSS Metrics

Group          Score   Vector
Base           N/A     N/A
Temporal       N/A     N/A
Environmental  N/A

References

Acknowledgements

Thanks to Russ McRee for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: None
Date Public: 2010-06-29
Date First Published: 2010-06-29
Date Last Updated: 2010-07-01 18:56 UTC
Document Revision: 15

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.