[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1437934178.20070108202923@thorben at gawab com>
Date: Mon, 8 Jan 2007 20:29:23 +0100
From: thorben schroeder <thorben@...ab.com>
To: bugtraq@...urityfocus.com
Subject: cisco nac bypass vulnerability - cisco trust agent
hello list,
the cisco network admission control system gives an adminitrator the
chance to check the clients, whether they have installed certain
patches / hotfixes. this check is not reliable.
programm version: cisco trust agent 2.0.1.14 (probably all versions)
os: windows xp sp2
vendor informed: yes (got only automated feedback mail)
severity: low - med
vulnerability: the cta checks the patch level only with some registry
queries which can be manipulated
example:
- "Cisco:Host:Hotfix contains KB919007" as posture validation
- the KB919007 hotfix is not installed!
- copy the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
XP\SP3\KB873339 key and change it into a KB919007 key
- result: client is healty
regards
thorben
Powered by blists - more mailing lists