17 April 2008, 12:19

Vulnerability in Cisco NAC enables server capture

Cisco has reported a vulnerability in its Network Admission Control (NAC) products that can give attackers complete remote control of the Clean Access Server (CAS). Attackers can obtain the shared secret that protects communications between the Clean Access Server and the Clean Access Manager (CAM). The shared secret is evidently contained in error logs transmitted over the network.

The software affected includes NAC Appliance software versions 3.5.x, 3.6.x, 4.0.x and 4.1.x. Administrators using version 3.5.x should contact Cisco to discuss options for fixing the problem. For the other affected software, Cisco is providing versions 3.6.4.4, 4.0.6 and 4.1.2, which are said to eliminate the vulnerability. Registered administrators should download these from the Cisco web site and install them without delay.

Channels

Services

Vulnerability in Cisco NAC enables server capture

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit