Type securityvulns
Reporter Securityvulns
Modified 2002-04-04T00:00:00


iXsecurity Security Vulnerability Report No: iXsecurity.20020314.csadmin_fmt.a ========================================

Vulnerability Summary

Problem: Cisco Secure ACS webserver has a format string vulnerability.

Threat: An attacker could send an "invalid" URL to the webserver listening on port 2002, resulting in a server crash and arbitrary code execution.

Affected Software: Cisco Secure ACS 2.6.X and 3.0.1 (build 40).

Platform: Windows NT/2000 verified

Solution: Install the patch from Cisco.

Vulnerability Description

Cisco Secure ACS has a webserver interface listening on port 2002. The webserver has a format string condition, making it possible to overwrite EIP, resulting in a service crash and arbitrary code execution.


Cisco PSIRT can confirm this vulnerability. The Security Advisory was published and it is at http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml Only Cisco ACS for Windows is affected. The Unix version is not affected by these issues. You can download patches by following instructions in the Advisory.

Additional Information

Cisco was contacted 20020315.

This vulnerability was found and researched by Jonas Ländin, jonas.landin@ixsecurity.com Patrik Karlsson, patrik.karlsson@ixsecurity.com