Bugtraq mailing list archives

Re: An Analysis of the TACACS+ Protocol and its Implementations

From: drajnovi () CISCO COM (Damir Rajnovic)
Date: Tue, 30 May 2000 12:16:55 +0100


-----BEGIN PGP SIGNED MESSAGE-----

Hello,

We acknowledge that a buffer overflow mentioned in the analysis by
Solar Designer is indeed present in an unsupported free version
of TACACS+ server (officially it is a "developer's kit" and can be
found at http://cco/kobayashi/sw-center/access/tacacs-plus.html)
However, since that software is unsupported Cisco will not patch it.
One can integrate the patch mentioned in Solar Designer's analysis,
but Cisco will not be liable for any damage that it may cause.
The unsupported patch can be found at
http://www.openwall.com/advisories/

The above site and all its contents are not endorsed by Cisco in
any way and we are declining any liability for a damage that may
be caused if acted upon information presented on it. This link is
included for completeness and convenience only.

Our commercial offerings CiscoSecure for Unix and NT are not
vulnerable to the described overflow. If an oversize TACACS+ packet
is sent to an IOS client, IOS will report an error as mentioned in
the analysis and reject that packet. The device will continue to
function normally and no service disruption will occur.

In order to utilize other TACACS+ protocol shortcomings as described
in the brilliant analysis by Solar Designer, a culprit must have
access to the path between the TACAS+ client and the server.

We would like to thank Solar Designer for sharing this analysis with
us first and allowing us ample time to review our commercial products.

Regards,

Gaus

==============
Damir Rajnovic <psirt () cisco com>, PSIRT Incident Manager, Cisco
Systems
<http://www.cisco.com/warp/public/707/sec_incident_response.shtml>
Phone: +44 7715 546 033
4 The Square, Stockley Park, Uxbridge, MIDDLESEX UB11 1BN, GB
==============
There is no insolvable problems. Question remains: can you
accept the solution?
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0.2i

iQCVAwUBOTOircAFeq0PniW5AQFYlwP/RdjJdljtCQwJA9sP+7odfBgZxxXRCmrv
nzSQem9N7Ll6hV6tOA8ypopqhSzdH+eWbn/32dylmmU1bH9cjXNaS9Fa21+mOtG8
u2+kr/hnYzBwutFFzZFzs1a4mg85G/u5twSs2U5RHqAWypAURyFE8W65431iIhno
HD2oHDfGdcE=
=iFx3
-----END PGP SIGNATURE-----

Current thread:

An Analysis of the TACACS+ Protocol and its Implementations Solar Designer (May 30)
- Re: An Analysis of the TACACS+ Protocol and its Implementations Damir Rajnovic (May 30)
- Alert: Windows NT Browser Service DoS Cerberus Security Team (May 30)
- Call for Presentations Chet Uber (May 30)
- Microsoft Security Bulletin (MS00-035) Microsoft Product Security (May 30)
- [TL-Security-Announce] xlockmore TLSA2000012-1.txt Katherine M. Moussouris (May 30)
- Microsoft Security Bulletin (MS00-038) Microsoft Product Security (May 30)
- PGP Security Advisory for PGP 5.0 Will Price (May 30)
- [RHSA-2000:005-05] New majordomo packages available (fwd) Raymond Dijkxhoorn (May 31)