Bugtraq mailing list archives
iXsecurity.20020314.csadmin_fmt.a
From: "Patrik Karlsson" <Patrik.Karlsson () ixsecurity com>
Date: Wed, 3 Apr 2002 17:58:28 +0200
iXsecurity Security Vulnerability Report
No: iXsecurity.20020314.csadmin_fmt.a
========================================

Vulnerability Summary
---------------------
Problem:           Cisco Secure ACS webserver has a format string
                   vulnerability.
Threat:            An attacker could send an "invalid" URL
                   to the webserver listening on port 2002,
                   resulting in a server crash and arbitrary code
                   execution.
Affected Software: Cisco Secure ACS 2.6.X and 3.0.1 (build 40).
Platform:          Windows NT/2000 verified
Solution:          Install the patch from Cisco.

Vulnerability Description
-------------------------
Cisco Secure ACS has a webserver interface listening on port 2002.
The webserver has a format string condition, making it possible
to overwrite EIP, resulting in a service crash and arbitrary code
execution.

Solution
--------
Cisco PSIRT can confirm this vulnerability. The Security Advisory
was published and it is at
http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml
Only Cisco ACS for Windows is affected. The Unix version is not
affected by these issues. You can download patches by following
instructions in the Advisory.

Additional Information
----------------------
Cisco was contacted 20020315.
This vulnerability was found and researched by
Jonas Ländin, jonas.landin () ixsecurity com
Patrik Karlsson, patrik.karlsson () ixsecurity com
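
Added example, not part of the original advisory and not iXsecurity or Cisco code: a heuristic that scans request logs for printf-style conversion specifiers in URLs sent to port 2002, the kind of input a format string flaw acts on. The log layout, the sample lines and the function names are assumptions made for this example.

```python
import re
from urllib.parse import unquote

ACS_ADMIN_PORT = 2002  # web interface port named in the advisory
# printf conversion: %[n$][flags][width][.precision][length]type. The space
# flag is left out on purpose so text like "100% off" is not matched.
PRINTF_SPEC = re.compile(
    r"%(?:\d+\$)?[-+#0]*\d*(?:\.\d+)?(?:hh|h|ll|l|L|z|j|t)?[diouxXeEfgGcspn]"
)
# Assumed log layout (constructed for this example): client port method url
LOG_LINE = re.compile(r"^(\S+) (\d+) (\S+) (\S+)$")

def format_spec_hits(raw_url):
    """Conversions left in the URL after one round of percent-decoding."""
    # unquote() keeps malformed escapes such as "%x", so raw and encoded
    # ("%25x") spellings both match; a raw "%08x" decodes as %08 and is missed.
    return PRINTF_SPEC.findall(unquote(raw_url))

def is_suspicious(raw_url):
    """Flag any write conversion (%n family) or two or more conversions."""
    hits = format_spec_hits(raw_url)
    return any(h.endswith("n") for h in hits) or len(hits) >= 2

def scan(lines, port=ACS_ADMIN_PORT):
    """Return (client, url, hits) for suspicious requests to the given port."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m or int(m.group(2)) != port:
            continue
        client, url = m.group(1), m.group(4)
        if is_suspicious(url):
            findings.append((client, url, format_spec_hits(url)))
    return findings

# Constructed sample lines, not taken from a real ACS log.
SAMPLE_LOG = [
    "192.0.2.10 2002 GET /index.html",
    "192.0.2.10 2002 GET /help%20files/setup.htm",
    "192.0.2.10 2002 GET /report?discount=50%25",
    "198.51.100.7 2002 GET /%25x%25x%25x%25x",
    "198.51.100.7 2002 GET /%s%s%s",
    "198.51.100.8 2002 GET /a%25n",
    "198.51.100.7 80 GET /%25x%25x",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A match is a lead for review, not proof of an attempt against ACS; the threshold of two conversions trades some sensitivity for fewer false positives on ordinary percent signs.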
