SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

Report a Vulnerability

 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#697049

Cisco Secure ACS for Windows CSAdmin vulnerable to buffer overflow via login requests

Overview

Cisco Secure ACS for Windows contains a buffer overflow vulnerability that could permit a remote attacker to execute arbitrary code or cause a denial of service.

I. Description

Cisco Secure ACS for Windows is an authentication, authorization, and accounting (AAA) server. From Cisco Security Advisory: Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability:

    Cisco Secure ACS for Windows provides a Web-based management interface, termed CSAdmin, which listens on TCP port 2002. A buffer overflow vulnerability occurs during CSAdmin process servicing login requests. Once a sufficiently long user parameter is received by the server, this can cause the buffer overflow, which would typically result in the service hanging until it can be restarted. It is possible that a buffer overflow could be performed that would result in the compromise of the system and permit remote control of the system.

This issue has been assigned Cisco Bug ID CSCea51366.

II. Impact

A remote attacker could execute arbitrary code with the privileges of the CSAdmin process or cause a denial of service. CSAdmin typically runs with Local System privileges, therefore an attacker could gain complete control of a vulnerable system. The compromise of a Secure ACS system could lead to the disclosure of other user credentials.

III. Solution

Apply Patch or Upgrade

Apply the appropriate patch as referenced in Cisco Security Advisory: Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability. As noted in this document, future versions of CSAdmin will include this fix.

Restrict Access to Secure ACS Systems

Restrict access to Secure ACS systems to trusted hosts and networks.

  • Use firewall/router ACLs to limit access to Secure ACS to trusted hosts and networks. Secure ACS provides the ability to restrict access based on IP addresses (see page 10-12 of the User Guide for Cisco Secure ACS for Windows Server).
  • Bind the CSAdmin HTML server to the loopback interface (127.0.0.1) and connect to the Secure ACS host with another secure remote access protocol (Terminal Services/RDP, IPsec, L2TP, SSH).
Note also that SSL can be used to encrypt the HTTP connection to CSAdmin (see page 10-13 of the User Guide for Cisco Secure ACS for Windows Server).

Systems Affected
VendorStatusDate NotifiedDate Updated
Cisco Systems Inc.Vulnerable5-Jun-2003

References

http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml
http://www.cisco.com/warp/public/cc/pd/sqsw/sq/
http://www.cisco.com/application/pdf/en/us/guest/products/ps407/c1629/ccmigration_09186a00801085d0.pdf
http://www.securityfocus.com/bid/7413
http://www.securityfocus.com/archive/1/319576
http://www.nsfocus.com/english/homepage/sa2003-04.htm
http://www.ietf.org/html.charters/aaa-charter.html
http://www.cisco.com/warp/public/707/advisory.html

Credit

This vulnerability was reported by the Cisco Systems Product Security Incident Response Team (PSIRT) and NSFOCUS.

This document was written by Art Manion.

Other Information

Date Public:2003-04-23
Date First Published:2003-06-05
Date Last Updated:2003-06-05
CERT Advisory: 
CVE-ID(s):CAN-2003-0210
NVD-ID(s):CAN-2003-0210
US-CERT Technical Alerts: 
Severity Metric:6.24
Document Revision:17

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2003 Carnegie Mellon University
Disclaimers and copyright information
Get a PDF Reader