Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Secure_access_control_server | Cisco | 2.1 (including) | 2.1 (including) |
| Secure_access_control_server | Cisco | 2.3 (including) | 2.3 (including) |
| Secure_access_control_server | Cisco | 2.4 (including) | 2.4 (including) |
| Secure_access_control_server | Cisco | 2.5 (including) | 2.5 (including) |
| Secure_access_control_server | Cisco | 2.6 (including) | 2.6 (including) |
| Secure_access_control_server | Cisco | 2.6.2 (including) | 2.6.2 (including) |
| Secure_access_control_server | Cisco | 2.6.3 (including) | 2.6.3 (including) |
| Secure_access_control_server | Cisco | 2.6.4 (including) | 2.6.4 (including) |
| Secure_access_control_server | Cisco | 3.0 (including) | 3.0 (including) |
| Secure_access_control_server | Cisco | 3.0.1 (including) | 3.0.1 (including) |
| Secure_access_control_server | Cisco | 3.0.3 (including) | 3.0.3 (including) |
| Secure_access_control_server | Cisco | 3.1.1 (including) | 3.1.1 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=105120066126196\u0026w=2
- http://marc.info/?l=ntbugtraq\u0026m=105118056332344\u0026w=2
- http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml
- http://www.kb.cert.org/vuls/id/697049
- http://marc.info/?l=bugtraq\u0026m=105120066126196\u0026w=2
- http://marc.info/?l=ntbugtraq\u0026m=105118056332344\u0026w=2
- http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml
- http://www.kb.cert.org/vuls/id/697049