iXsecurity Security Vulnerability Report No: iXsecurity.20020314.csadmin_fmt.a ========================================
Problem: Cisco Secure ACS webserver has a format string vulnerability.
Threat: An attacker could send an "invalid" URL to the webserver listening on port 2002, resulting in a server crash and arbitrary code execution.
Affected Software: Cisco Secure ACS 2.6.X and 3.0.1 (build 40).
Platform: Windows NT/2000 verified
Solution: Install the patch from Cisco.
Cisco Secure ACS has a webserver interface listening on port 2002. The webserver has a format string condition, making it possible to overwrite EIP, resulting in a service crash and arbitrary code execution.
Cisco PSIRT can confirm this vulnerability. The Security Advisory was published and it is at http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml Only Cisco ACS for Windows is affected. The Unix version is not affected by these issues. You can download patches by following instructions in the Advisory.
Cisco was contacted 20020315.
This vulnerability was found and researched by Jonas Ländin, firstname.lastname@example.org Patrik Karlsson, email@example.com