CiscoSecure ACS for Windows NT Oversized TACACS+ Packet DoS Vulnerability

Bugtraq ID:	1706
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	Yes
Published:	Sep 21 2000 12:00AM
Updated:	Sep 21 2000 12:00AM
Credit:	Publicized in a Cisco Security Advisory (Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server) on September 21, 2000.
Vulnerable:	Cisco Secure ACS for Windows NT 2.42 - Microsoft Windows NT 4.0
Not Vulnerable:	Cisco Secure Access Control Server

CiscoSecure ACS for Windows NT Oversized TACACS+ Packet DoS Vulnerability

If a remote attacker is capable of sniffing or injecting traffic in between a server running CiscoSecure ACS for Windows NT and a TACACS+ client, CiscoSecure ACS for Windows NT can be made to crash if an oversized TACACS+ packet is sent to it.

CiscoSecure ACS for Windows NT Oversized TACACS+ Packet DoS Vulnerability

See discussion.

CiscoSecure ACS for Windows NT Oversized TACACS+ Packet DoS Vulnerability

Solution:
Cisco has released a free upgrade (version 2.43 and all subsequent releases) for all affected customers. Customers can obtain the upgrade through:

1) Regular update channels.
2) The Software Center at http://www.cisco.com
3) Contacting the Technical Assistance Center (TAC):
- +1 800 553 2447 (toll-free from within North America)
- +1 408 526 7209 (toll call from anywhere in the world)
- E-mail: [email protected]