iXsecurity.20020314.csadmin_fmt.a

From: Patrik Karlsson (Patrik.Karlssonat_private)
Date: Wed Apr 03 2002 - 07:58:28 PST

Next message: Andrew R. Reiter: "Re: Taxonomies"

Previous message: Spybreak: "LogWatch 2.5 still vulnerable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

iXsecurity Security Vulnerability Report
No: iXsecurity.20020314.csadmin_fmt.a
========================================

Vulnerability Summary
---------------------
Problem:                Cisco Secure ACS webserver has a format string
                        vulnerability.

Threat:                 An attacker could send an "invalid" URL
                        to the webserver listening on port 2002,
                        resulting in a server crash and arbitrary code
                        execution.

Affected Software:      Cisco Secure ACS 2.6.X and 3.0.1 (build 40).

Platform:               Windows NT/2000 verified

Solution:               Install the patch from Cisco.

Vulnerability Description
-------------------------
Cisco Secure ACS has a webserver interface listening on port 2002.
The webserver has a format string condition, making it possible
to overwrite EIP, resulting in a service crash and arbitrary code
execution.

Solution
--------
Cisco PSIRT can confirm this vulnerability. The Security Advisory
was published and it is at
http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml
Only Cisco ACS for Windows is affected. The Unix version is not
affected by these issues. You can download patches by following
instructions in the Advisory.

Additional Information
----------------------
Cisco was contacted 20020315.


This vulnerability was found and researched by
Jonas Ländin, jonas.landinat_private
Patrik Karlsson, patrik.karlssonat_private

Next message: Andrew R. Reiter: "Re: Taxonomies"
Previous message: Spybreak: "LogWatch 2.5 still vulnerable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Apr 03 2002 - 17:38:42 PST