> ----------------------------------------------------------------------
>
> TITLE:
> Cisco Secure ACS Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA23629
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> DoS, System access
>
> WHERE:
> From remote
>
> OPERATING SYSTEM:
> Cisco Secure ACS Solution Engine 3.x
>
>
> SOFTWARE:
> Cisco Secure ACS 3.x
>
> Cisco Secure ACS 4.x
>
>
> DESCRIPTION:
> Some vulnerabilities have been reported in Cisco Secure ACS, which
> can be exploited by malicious users or people to cause a DoS (Denial
> of Service) or to compromise a vulnerable system.
>
> 1) An unspecified error within the CSAdmin service when processing
> HTTP GET requests can be exploited to cause a stack-based buffer
> overflow via a specially crafted HTTP GET request.
>
> Successful exploitation allows execution of arbitrary code.
>
> 2) An unspecified error within the CSRadius service when processing
> RADIUS Accounting-Request packets can be exploited to cause a
> stack-based buffer overflow via a specially crafted RADIUS
> Accounting-Request packet.
>
> Successful exploitation allows execution of arbitrary code.
>
> 3) Unspecified errors within the CSRadius service when processing
> RADIUS Access-Request packets can be exploited to crash the service
> via a specially crafted RADIUS Access-Request packet.
>
> The vulnerabilities are reported in versions prior to 4.1. Other
> versions may also be affected.
>
> Note: The following products are reportedly not affected:
> * Cisco Secure ACS for Unix (CSU).
> * Cisco CNS Access Registrar (CAR).
> * Cisco Secure ACS server for Windows version 4.1(X) or later.
> * Cisco Secure ACS server solution Engine version 4.1(X) or later.
>
> SOLUTION:
> Apply patches.
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits CESG's Vulnerability Research Group and National
> Infrastructure Security Co-ordination Centre (NISCC).
>
> ORIGINAL ADVISORY:
>
>
