Cisco Secure Access Control Server Multiple Remote Vulnerabilities
BID:21900
Info
Cisco Secure Access Control Server Multiple Remote Vulnerabilities
| Bugtraq ID: | 21900 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-0105 CVE-2006-4097 CVE-2006-4098 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 05 2007 12:00AM |
| Updated: | Jan 16 2007 06:00PM |
| Credit: | The vendor reported these issues. |
| Vulnerable: |
Cisco Secure Access Control Server 4.0.1 Cisco Secure Access Control Server 3.3.2 Cisco Secure Access Control Server 3.3.1 Cisco Secure Access Control Server 3.3 (1) Cisco Secure Access Control Server 3.3 Cisco Secure Access Control Server 3.2.2 Cisco Secure Access Control Server 3.2.1 Cisco Secure Access Control Server 3.2 (3) Cisco Secure Access Control Server 3.2 (2) Cisco Secure Access Control Server 3.2 (1.20) Cisco Secure Access Control Server 3.2 (1) Cisco Secure Access Control Server 3.2 Cisco Secure Access Control Server 3.1 Cisco Secure Access Control Server 3.0 Cisco Secure Access Control Server 4.0 |
| Not Vulnerable: |
Cisco Secure Access Control Server 4.1 |
Discussion
Cisco Secure Access Control Server Multiple Remote Vulnerabilities
Cisco Secure Access Control Server (ACS) is prone to multiple remote vulnerabilities, including multiple stack-based buffer-overflow issues and denial-of-service issues.
An attacker can exploit these issues to execute arbitrary code within the context of the affected server or to crash the affected server, denying service to legitimate users.
Versions prior to 4.1 are vulnerable to these issues.
Cisco Secure Access Control Server (ACS) is prone to multiple remote vulnerabilities, including multiple stack-based buffer-overflow issues and denial-of-service issues.
An attacker can exploit these issues to execute arbitrary code within the context of the affected server or to crash the affected server, denying service to legitimate users.
Versions prior to 4.1 are vulnerable to these issues.
Exploit / POC
Cisco Secure Access Control Server Multiple Remote Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution / Fix
Cisco Secure Access Control Server Multiple Remote Vulnerabilities
Solution:
The vendor has released updates to address these issues. Please contact the vendor for information on how to obtain and apply these updates.
Solution:
The vendor has released updates to address these issues. Please contact the vendor for information on how to obtain and apply these updates.
References
Cisco Secure Access Control Server Multiple Remote Vulnerabilities
References:
References: