Bugtraq mailing list archives
Re: An Analysis of the TACACS+ Protocol and its Implementations
From: drajnovi () CISCO COM (Damir Rajnovic)
Date: Tue, 30 May 2000 12:16:55 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hello, We acknowledge that a buffer overflow mentioned in the analysis by Solar Designer is indeed present in an unsupported free version of TACACS+ server (officially it is a "developer's kit" and can be found at http://cco/kobayashi/sw-center/access/tacacs-plus.html) However, since that software is unsupported Cisco will not patch it. One can integrate the patch mentioned in Solar Designer's analysis, but Cisco will not be liable for any damage that it may cause. The unsupported patch can be found at http://www.openwall.com/advisories/ The above site and all its contents are not endorsed by Cisco in any way and we are declining any liability for a damage that may be caused if acted upon information presented on it. This link is included for completeness and convenience only. Our commercial offerings CiscoSecure for Unix and NT are not vulnerable to the described overflow. If an oversize TACACS+ packet is sent to an IOS client, IOS will report an error as mentioned in the analysis and reject that packet. The device will continue to function normally and no service disruption will occur. In order to utilize other TACACS+ protocol shortcomings as described in the brilliant analysis by Solar Designer, a culprit must have access to the path between the TACAS+ client and the server. We would like to thank Solar Designer for sharing this analysis with us first and allowing us ample time to review our commercial products. Regards, Gaus ============== Damir Rajnovic <psirt () cisco com>, PSIRT Incident Manager, Cisco Systems <http://www.cisco.com/warp/public/707/sec_incident_response.shtml> Phone: +44 7715 546 033 4 The Square, Stockley Park, Uxbridge, MIDDLESEX UB11 1BN, GB ============== There is no insolvable problems. Question remains: can you accept the solution? -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0.2i iQCVAwUBOTOircAFeq0PniW5AQFYlwP/RdjJdljtCQwJA9sP+7odfBgZxxXRCmrv nzSQem9N7Ll6hV6tOA8ypopqhSzdH+eWbn/32dylmmU1bH9cjXNaS9Fa21+mOtG8 u2+kr/hnYzBwutFFzZFzs1a4mg85G/u5twSs2U5RHqAWypAURyFE8W65431iIhno HD2oHDfGdcE= =iFx3 -----END PGP SIGNATURE-----
Current thread:
- An Analysis of the TACACS+ Protocol and its Implementations Solar Designer (May 30)
- Re: An Analysis of the TACACS+ Protocol and its Implementations Damir Rajnovic (May 30)
- Alert: Windows NT Browser Service DoS Cerberus Security Team (May 30)
- Call for Presentations Chet Uber (May 30)
- Microsoft Security Bulletin (MS00-035) Microsoft Product Security (May 30)
- [TL-Security-Announce] xlockmore TLSA2000012-1.txt Katherine M. Moussouris (May 30)
- Microsoft Security Bulletin (MS00-038) Microsoft Product Security (May 30)
- PGP Security Advisory for PGP 5.0 Will Price (May 30)
- [RHSA-2000:005-05] New majordomo packages available (fwd) Raymond Dijkxhoorn (May 31)