Pentest Security Advisory : PTL-2004-05
Vulnerability in Cisco Collaboration Server
Advisory Details
| Title: | Vulnerability in Cisco Collaboration Server |
| Announcement date: | 30th June 2004 |
| Advisory Reference: | ptl-2004-05 |
| Products: | Cisco Collaboration Server |
| Vulnerability Type: | Remote Code Execution / Elevation of Privileges |
| Vendor-URL: | http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml |
| Vendor-Status: | Patches Available |
| Remotely Exploitable: | Yes |
| Locally Exploitable: | Yes |
| Advisory URL: | http://www.pentest.co.uk |
Vulnerability Description
Versions of Cisco Collaboration Server prior to 5.x use a flawed version of ServletExec that allows an attacker to upload arbitrary files to the web server and directly invoke them, gaining administrative privileges.
Vulnerable Versions
CCS 4.x ships with ServletExec 3.0, which is vulnerable until patched.
CCS 3.x ships with ServletExec 2.2, which is vulnerable until patched.
Fix / Workarounds
CCS 4.0 customers can patch the software with an automated script or upgrade to CCS 5.x.
An automated script is not available for CCS 3.0. To patch this version, customers can either:
a) Follow the manual instructions in the Workaround section of the Cisco advisory.
b) Upgrade to CCS 4.x and patch the software with the automated script.
c) Upgrade to CCS 5.x.
Credit
This vulnerability was discovered by Matt Moore from Pentest Limited.
Penetration testing as a service has grown into a business in its own right, providing numerous corporations with a valuable weapon in their growing arsenal of security countermeasures. Pentest Limited was set up in June 2001 to provide specialist security services to businesses across the UK, North America and Europe.
Pentest Limited offers a complete Database Security Assessment Service (DSAS) to businesses that rely on the security of the information held within their databases or have concerns relating to the security compliance of these databases.



