Secunia

Some vulnerabilities have been reported in Cisco Secure ACS, which can be exploited by malicious users or people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

1) An unspecified error within the CSAdmin service when processing HTTP GET requests can be exploited to cause a stack-based buffer overflow via a specially crafted HTTP GET request.

Successful exploitation allows execution of arbitrary code.

2) An unspecified error within the CSRadius service when processing RADIUS Accounting-Request packets can be exploited to cause a stack-based buffer overflow via a specially crafted RADIUS Accounting-Request packet.

Successful exploitation allows execution of arbitrary code.

3) Unspecified errors within the CSRadius service when processing RADIUS Access-Request packets can be exploited to crash the service via a specially crafted RADIUS Access-Request packet.

The vulnerabilities are reported in versions prior to 4.1. Other versions may also be affected.

Note: The following products are reportedly not affected:
* Cisco Secure ACS for Unix (CSU).
* Cisco CNS Access Registrar (CAR).
* Cisco Secure ACS server for Windows version 4.1(X) or later.
* Cisco Secure ACS server solution Engine version 4.1(X) or later.

Solution
Apply patches.

Provided and/or discovered by
The vendor credits CESG's Vulnerability Research Group and National Infrastructure Security Co-ordination Centre (NISCC).

Changelog
Further details available in Customer Area

Original Advisory
http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area