Cisco Secure ACS vulnerabilities
Created 4/30/03
CAN 2003-0210
Impact
A remote attacker could cause a denial of service or
execute arbitrary commands.
Background
Cisco Secure Access Control Server (ACS)
is a centralized user access control framework which can
be used with routers, switches, firewalls, VPNs, and other
devices. Cisco Secure ACS features a web-based management
interface which listens on TCP port 2002.
The Problem
Improper handling of login requests in the Windows version
of Cisco Secure ACS could lead to a buffer overflow. A
remote attacker could crash the service or execute arbitrary
commands with LocalSystem privileges. Versions
2.6.4 and earlier, 3.0 through 3.0.3, and 3.1 through
3.1.1 of Cisco Secure ACS for Windows are affected by
this vulnerability.
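The affected-version ranges above can be checked against an asset inventory. The following is an added example, not part of the original advisory or of any Cisco tool; the inventory fields (name, platform, version), the host names and the version string formats are constructed for illustration.

```python
import re

# Inclusive affected ranges exactly as listed on this page (Windows version only).
AFFECTED_RANGES = [
    ((0, 0, 0), (2, 6, 4)),  # 2.6.4 and earlier
    ((3, 0, 0), (3, 0, 3)),  # 3.0 through 3.0.3
    ((3, 1, 0), (3, 1, 1)),  # 3.1 through 3.1.1
]

def parse_version(text):
    """Parse '3.0', 'v3.1.1' or '3.0.3 build 40' into (major, minor, patch)."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    # A missing third component is treated as 0, so '3.1' compares as 3.1.0.
    return tuple(int(g) if g else 0 for g in m.groups())

def is_affected(version, platform):
    """True if this page lists the version as affected on this platform."""
    if platform.strip().lower() != "windows":
        return False  # the page names only the Windows version
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)

def triage(inventory):
    """Split hosts into (needs patch, needs manual review)."""
    affected, review = [], []
    for host in inventory:
        try:
            if is_affected(host["version"], host["platform"]):
                affected.append(host["name"])
        except ValueError:
            # Unparseable version: do not assume the host is safe.
            review.append(host["name"])
    return affected, review

# Constructed sample inventory (hypothetical hosts).
SAMPLE = [
    {"name": "acs-a", "platform": "Windows", "version": "3.0.3 build 40"},
    {"name": "acs-b", "platform": "Windows", "version": "3.1.2"},
    {"name": "acs-c", "platform": "Windows", "version": "2.6"},
    {"name": "acs-d", "platform": "Unix", "version": "2.3"},
    {"name": "acs-e", "platform": "Windows", "version": "unknown"},
]

if __name__ == "__main__":
    needs_patch, needs_review = triage(SAMPLE)
    print("patch:", needs_patch)
    print("review:", needs_review)
```

A version that falls outside the listed ranges is only "not listed as affected by this page"; the Cisco Advisory remains the reference for fixed releases.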
Resolution
Install one of the patches referenced in the
Cisco Advisory.
Where can I read more about this?
This vulnerability was posted to
Bugtraq.