Re: SiteMinder Multiple Vulnerabilities (solution) Jul 19 2005 05:24PM
Williams, James K (James Williams ca com)

> List: bugtraq
> Subject: SiteMinder Multiple Vulnerabilities
> From: c0ntex <c0ntexb () gmail ! com>
> Date: 2005-07-08 14:03:11
> $ An open security advisory #10 - Siteminder v5.5
> Vulnerabilities
> [...]

This issue is NOT present in out-of-the-box installations of
SiteMinder. All supported versions of SiteMinder have an
agent configuration parameter called "CSSChecking" that is,
by default, set to "YES". A SiteMinder administrator would
have to intentionally set this parameter to "NO" to become
vulnerable to this issue.

The "CSSChecking" configuration parameter has been very well
documented in SiteMinder product documentation since 2001.

This issue is also documented and addressed in a security
advisory posted in October 2002 at this URL:
(URL may wrap)

.asp?isNodeGroup=null&ProductNumber=735&Pare ntId=493&groupType=249

Note that SiteMinder customers should continue to go to
support.netegrity.com for product support.


Ken Williams ; Vulnerability Research
Computer Associates ; 0xE2941985
A9F9 44A6 B421 FF7D 4000 E6A9 7925 91DF E294 1985

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus