CiscoSecure ACS for Windows NT Buffer Overflow Vulnerability
BID:1705
Info
| Bugtraq ID: | 1705 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 21 2000 12:00AM |
| Updated: | Sep 21 2000 12:00AM |
| Credit: | Publicized in a Cisco Security Advisory (Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server) on September 21, 2000. |
| Vulnerable: | Cisco Secure ACS for Windows NT 2.42 |
| Not Vulnerable: | Cisco Secure Access Control Server |
Discussion
If an unusually long packet is sent to port 2002, CiscoSecure ACS for Windows NT can be made to crash or, depending on the data entered, arbitrary code execution may be possible.
If the application were to crash due to an oversized packet, the CSadmin Module would automatically restart after one minute in versions 2.3x and higher. Existing sessions would re-establish although they would need to be authenticated again. In prior versions, a restart is required in order to regain normal functionality.
Exploit / POC
The following proof-of-concept exploit has been supplied by BlackAngels.it. This exploit will trigger this and other Cisco vulnerabilities.
Solution / Fix
Solution:
Cisco has released a free upgrade (version 2.43 and all subsequent releases) for all affected customers. Customers can obtain the upgrade through:
1) Regular update channels.
2) The Software Center at http://www.cisco.com
3) Contacting the Technical Assistance Center (TAC):
- +1 800 553 2447 (toll-free from within North America)
- +1 408 526 7209 (toll call from anywhere in the world)
- E-mail: [email protected]