Description: Some vulnerabilities have been reported in Cisco Secure ACS, which can be exploited by malicious users or people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
1) An unspecified error within the CSAdmin service when processing HTTP GET requests can be exploited to cause a stack-based buffer overflow via a specially crafted HTTP GET request.
Successful exploitation allows execution of arbitrary code.
2) An unspecified error within the CSRadius service when processing RADIUS Accounting-Request packets can be exploited to cause a stack-based buffer overflow via a specially crafted RADIUS Accounting-Request packet.
Successful exploitation allows execution of arbitrary code.
3) Unspecified errors within the CSRadius service when processing RADIUS Access-Request packets can be exploited to crash the service via a specially crafted RADIUS Access-Request packet.
The vulnerabilities are reported in versions prior to 4.1. Other versions may also be affected.
Note: The following products are reportedly not affected:
* Cisco Secure ACS for Unix (CSU).
* Cisco CNS Access Registrar (CAR).
* Cisco Secure ACS server for Windows version 4.1(X) or later.
* Cisco Secure ACS server solution Engine version 4.1(X) or later.
Solution: Apply patches.
Provided and/or discovered by: The vendor credits CESG's Vulnerability Research Group and National Infrastructure Security Co-ordination Centre (NISCC).
Changelog: 2007-01-16: Added US-CERT References.
2007-01-18: Added CVE reference.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.