Wiki source code of Security Advisory 2012-09-13
Version 11.1 by Arthur Heffern on 2012/10/09 14:59
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | |||
| 2 | |||
| 3 | (% style="color: rgb(0, 0, 0); color: rgb(51, 51, 51)" %)This advisory discloses security vulnerabilities that we have found in the iSymphony Server component. | ||
| 4 | |||
| 5 | * **Customers who have downloaded and installed iSymphony **should implement OS-based firewalling to their existing iSymphony installations to fix this vulnerability. (% style="color: rgb(0,0,0);" %) | ||
| 6 | |||
| 7 | (% style="color: rgb(0,0,0);" %)i9 Technologies is committed to improving product security and an update will be posted which addresses this issue.(% style="color: rgb(255,0,0);" %) | ||
| 8 | |||
| 9 | |||
| 10 | If you have questions or concerns regarding this advisory, please raise a support request at [[http:~~/~~/www.getisymphony.com/support>>url:http://www.getisymphony.com/support||shape="rect"]]. | ||
| 11 | |||
| 12 | |||
| 13 | |||
| 14 | {{section}} | ||
| 15 | {{column}} | ||
| 16 | = Security Vulnerabilities = | ||
| 17 | |||
| 18 | == Vulnerability == | ||
| 19 | |||
| 20 | ==== Severity ==== | ||
| 21 | |||
| 22 | HIGH | ||
| 23 | |||
| 24 | ==== Risk Assessment ==== | ||
| 25 | |||
| 26 | iSymphony Server CLI connection on TCP port 50001 does not have IP/Subnet based permission schema. If your iSymphony Server installation's TCP port 50001 is accessible via a network connection and not firewalled, the CLI may be subject to malicious attackers, or internal organization information may be obtained from telnet based usage of this port. | ||
| 27 | |||
| 28 | ==== Vulnerability ==== | ||
| 29 | |||
| 30 | iSymphony does not provide a mechanism implementing IP based permissions allowing for selective source-address connections to the iSymphony Command Line Interface. | ||
| 31 | |||
| 32 | ==== Fix ==== | ||
| 33 | |||
| 34 | Utilize IPTables / IPChains (Linux), IPFW (BSD), 3rd Party Firewall implementation or appliance to effect firewalling based filtering prohibiting access to TCP Port 50001 on machine hosting the iSymphony Server component. | ||
| 35 | {{/column}} | ||
| 36 | |||
| 37 | {{column width="300px"}} | ||
| 38 | |||
| 39 | |||
| 40 | ** | ||
| 41 | ** | ||
| 42 | |||
| 43 | {{panel title="In this advisory"}} | ||
| 44 | |||
| 45 | |||
| 46 | {{toc maxLevel="4" minLevel="2"/}} | ||
| 47 | {{/panel}} | ||
| 48 | |||
| 49 | |||
| 50 | |||
| 51 | |||
| 52 | |||
| 53 | |||
| 54 | {{/column}} | ||
| 55 | {{/section}} |