Cisco Clean Access Secure Smart Manager /admin/uploadclient.jsp Authentication Bypass File Upload DoS

2005-12-16T03:33:39
ID OSVDB:21956
Type osvdb
Reporter Alex Lanstein (alex@box.sk)
Modified 2005-12-16T03:33:39

Description

Vulnerability Description

Clean Access Manager contains a flaw that may allow a remote denial of service. The uploadclient.jsp script does not require a username and password in order to upload files, so an unauthenticated attacker who chooses to fill the partition with files will cause a loss of availability for the platform.

Solution Description

Upgrade to version 3.6(1) or higher, as it has been reported to fix this vulnerability. In addition, Cisco has released a patch for some older versions.

References:

Vendor Specific Advisory URL
Security Tracker: 1015375
Secunia Advisory ID: 18103
Related OSVDB ID: 21958
Related OSVDB ID: 21959
Related OSVDB ID: 21957
Other Advisory URL: http://www.awarenetwork.org/forum/viewtopic.php?p=2236
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0204.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0264.html
Keyword: CSCsc85405
Keyword: CAM
FrSIRT Advisory: ADV-2005-3007
CVE-2005-4332
Bugtraq ID: 15909