Buffer Overflows in Cisco's Secure ACS
Cisco has published a security advisory concerning three vulnerabilities in the Secure Access Control Server (ACS) for Windows and in the Secure ACS Solution Engine. Two of the flaws are buffer overflows triggered by crafted HTTP GET requests and by specially formed RADIUS accounting requests, which cause the CSAdmin service and/or the CSRadius service to crash. As a consequence, for example, the management interface can no longer be reached via the network.
In its advisory, Cisco does not state whether the buffer overflows allow code to be injected and executed in a system. The secret key has to be known for an attack on the RADIUS service, which reduces the risk of an attack. Furthermore, the CSRadius service crashes when processing certain RADIUS access requests. Here, the secret key is not required for an attack. Cisco's Secure Access Control Server for Windows prior to version 4.1 and its Secure Access Control Server Solution Engine before version 4.1 are affected. An update has been provided.
- Multiple Vulnerabilities in Cisco Secure Access Control Server, Cisco's security advisory