CiscoSecure ACS for Windows CSAdmin Overflow DoS

2003-04-23T00:00:00
ID OSVDB:1568
Type osvdb
Reporter OSVDB
Modified 2003-04-23T00:00:00

Description

Vulnerability Description

A remote overflow exists in CiscoSecure ACS for Windows. The CSAdmin module fails to validate login requests, resulting in a buffer overflow. With a specially crafted request, an attacker can cause a denial of service, resulting in a loss of availability. It is possible that an attacker could execute arbitrary code, but this has not been shown.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Cisco has released a patch to address this vulnerability.

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 8653
Other Advisory URL: http://www.securityfocus.com/archive/1/319576
Nessus Plugin ID: 11556
ISS X-Force ID: 11840
CVE-2003-0210
CIAC Advisory: n-079
CERT VU: 697049
Bugtraq ID: 7413