A vulnerability in the web administrative server supplied with Cisco Secure ACS products could allow a remote attacker to execute arbitrary code on an affected system.
Cisco Secure ACS is a Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) security server. It includes a component called CSAdmin that provides the web server for the ACS web administration interface.
A stack-based buffer overflow exists in the way that the CSAdmin server included with certain versions of Cisco Secure ACS handles specially crafted HTTP GET requests. A remote attacker with the ability to supply such a request may be able to execute arbitrary code in the context of the CSAdmin server on an affected system or cause the CSAdmin service to crash, resulting in the web administrative interface becoming unavailable.
A remote, unauthenticated attacker may be able to execute arbitrary code on an affected system or cause the CSAdmin service on that system to crash, resulting in a denial of service.
This issue was publicly reported in Cisco Security Advisory cisco-sa-20070105-csacs.
This document was written by Chad R Dougherty.
|Date First Published:||2007-01-15|
|Date Last Updated:||2007-01-26 16:25 UTC|