Cisco Secure ACS EAP-Response报文解析拒绝服务漏洞

2008-09-10T00:00:00
ID SSV:3987
Type seebug
Reporter Root
Modified 2008-09-10T00:00:00

Description

BUGTRAQ ID: 30997 CVE ID:CVE-2008-2441 CNCVE ID:CNCVE-20082441

Cisco Secure ACS是一款Cisco网络设备的中央管理平台,用于控制设备的认证和授权。 Cisco Secure ACS不正确解析EAP-Response报文长度,远程攻击者可以利用漏洞对服务程序进行拒绝服务攻击或可能导致任意代码执行。 远程攻击者(作为RADIUS客户端)可以针对Cisco Secure ACS服务器发送EAP应答报文,可导致CSRadius服务不稳定或崩溃。设置EAP-Response报文的长度字段为一定大小的值,如大于实际报文长度,可触发此漏洞。任意EAP-Response报文如EAP-Response/Identity, EAP-Response/MD5, EAP-Response/TLS可利用此漏洞。 触发漏洞后在Windows事件查看器中会提示错误消息“"The CSAuth service terminated unexpectedly"和"The CSRadius service terminated unexpectedly"。

Cisco Virtual Central Office 4000 (VCO/4K) 4.1(1) build 23 Cisco Secure ACS for Windows 4.1 Cisco Secure Access Control Server 4.0.1 Cisco Secure Access Control Server 3.3.2 Cisco Secure Access Control Server 3.3.1 Cisco Secure Access Control Server 3.3 (1) Cisco Secure Access Control Server 3.3 Cisco Secure Access Control Server 3.2.2 Cisco Secure Access Control Server 3.2.1 Cisco Secure Access Control Server 3.2 (3) Cisco Secure Access Control Server 3.2 (2) Cisco Secure Access Control Server 3.2 (1.20) Cisco Secure Access Control Server 3.2 (1) Cisco Secure Access Control Server 4.1 Cisco Secure Access Control Server 4.0 Cisco CiscoSecure ACS for Windows 3.2 Cisco CiscoSecure ACS for Windows 3.1

供应商提供了最新的升级程序: Cisco Secure ACS for Windows 4.1 Cisco CS ACS for Windows <a href=http://www.cisco.com/pcgi-bin/tablebuild.pl/acs-win-3des target=_blank>http://www.cisco.com/pcgi-bin/tablebuild.pl/acs-win-3des</a>