ID

VAR-200611-0225

CVE

CVE-2006-5808

TITLE

CSD Vulnerabilities that have been granted privileges in the installation of

DESCRIPTION

The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation". Cisco Secure Desktop is susceptible to multiple vulnerabilities. These issues are due to design flaws in the application. Exploiting these issues allows local attackers to evade application security policies, to access sensitive information, and to gain local system privileges on affected computers. These vulnerabilities affect Cisco Secure Desktop version 3.1.1.33 and prior. Cisco Secure Desktop (CSD) uses encryption to reduce the risk of cookies, browser history, temporary files, and downloads being left on the system after a remote user logs off or an SSL VPN session times out. Unprivileged users can exploit this vulnerability to elevate their privileges and obtain localsystem-equivalent privileges by replacing certain CSD executables that run as system services with LocalSystem privileges. Note that some other Cisco products install their files into the \\%SystemDrive\\%\Program Files\Cisco Systems\ directory. So a side effect of this vulnerability in CSD is that if other products are installed after the vulnerable version of CSD is installed, those products will also be affected. ---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links Read the full description: http://corporate.secunia.com/products/48/?r=l Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l ---------------------------------------------------------------------- TITLE: Cisco Secure Desktop Multiple Vulnerabilities SECUNIA ADVISORY ID: SA22747 VERIFY ADVISORY: http://secunia.com/advisories/22747/ CRITICAL: Less critical IMPACT: Security Bypass, Exposure of sensitive information, Privilege escalation WHERE: Local system SOFTWARE: Cisco Secure Desktop 3.x http://secunia.com/product/7726/ DESCRIPTION: Some vulnerabilities have been reported in Cisco Secure Desktop, which can be exploited by malicious, local users to gain knowledge of sensitive information, bypass certain security restrictions, or gain escalated privileges on a vulnerable system. 1) Internet browsers that are automatically spawned after establishing an SSL VPN connection uses a directory outside of the CSD vault. Users are then able to save files downloaded during the internet browsing session into the said directory, which results in unencrypted files remaining in the system after the SSL VPN session. Successful exploitation requires that Cisco SSL VPN is configured to automatically spawn a browser after a successful connection. 2) Users are able to switch between the Secure Desktop and the Local (non-secure) Desktop when using applications that attempt to switch to the default desktop. 3) When installed on an NTFS file system, insecure default permissions are placed on the installation directory. This can be exploited to remove, manipulate, and replace any of the application's file. Successful exploitation allows execution of arbitrary commands with SYSTEM privileges. SOLUTION: Update to version 3.1.1.45. PROVIDED AND/OR DISCOVERED BY: 1, 2) Reported by the vendor 3) Titon, Bastard Labs. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

Design Error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Titon

SOURCES

LAST UPDATE DATE

2024-08-14T13:39:32.700000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE