Net Manager
Network Managing, Engineering and Administration with an eye toward security.

Best practices meets the real world!

Friday, April 25, 2003  

Forgot to post this vulnerability yesterday. It seems that the Cisco Secure Access Control Server has a vulnerability with major implications. Here's the description (via bugtraq) from NSFOCUS Security:

"Cisco Secure Access Control Server (ACS) is a high-performance, highly scalable, centralized user access control framework. It supports centralized access and audit for dial access server, VPN and firewall, and IP voice (VoIP) solutions, as well as user based on standard IEEE 802.1x for wireless users of Cisco Aironet 350 wireless integration solution. The management of Cisco Secure ACS is implemented via a web interface. Cisco Secure ACS will install a service known as 'CSAdmin' (the corresponding program of which is CSAdmin.exe) on the system. Once the service is enabled, it listens on port TCP/2002 and accepts HTTP requests. A buffer overflow vulnerability occurs when CSAdmin.exe handles a login.exe request. On receiving the login request, CSAdmin.exe will call wsprintfA to handle the user parameter without any length check on the parameter. If attackers send an extremely long user parameter to the server, they might cause a buffer overflow, resulting in the service hanging or restarting. With carefully crafted data, an attacker could run arbitrary code with CSAdmin process privilege (typically LocalSystem) on the server."

It's not too bad, because most of these servers will be inside the firewall, and port 2002 should be blocked. The predominant worry here is a hack from inside the perimeter.
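The missing length check the advisory describes, shown beside a checked version. This is an added illustration, not Cisco's or NSFOCUS's code: `sprintf` stands in for `wsprintfA` so it builds off Windows, and the function names, message text, `MSG_BUF` and `MAX_USER` are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MSG_BUF  128  /* assumed buffer size; the advisory gives no real figure */
#define MAX_USER 32   /* assumed policy limit for a login name */

/* Vulnerable pattern, for comparison only: the request's `user` value is
 * formatted into a fixed buffer with no length check. sprintf stands in
 * for wsprintfA so the file builds off Windows. */
void format_login_unchecked(char *out, const char *user)
{
    sprintf(out, "login attempt for user %s", user);
}

/* Hardened form: reject over-long input before formatting, bound the write
 * to the destination size, and treat truncation as an error.
 * Returns the message length, or -1 if the request should be refused. */
int format_login_checked(char *out, size_t outsz, const char *user)
{
    size_t n = 0;
    if (out == NULL || outsz == 0 || user == NULL)
        return -1;
    out[0] = '\0';
    while (n <= MAX_USER && user[n] != '\0')   /* bounded length scan */
        n++;
    if (n == 0 || n > MAX_USER)
        return -1;
    int w = snprintf(out, outsz, "login attempt for user %s", user);
    if (w < 0 || (size_t)w >= outsz) {         /* would not fit: refuse */
        out[0] = '\0';
        return -1;
    }
    return w;
}

int main(void)
{
    char msg[MSG_BUF];
    char longuser[4096];                       /* constructed oversized input */
    memset(longuser, 'A', sizeof longuser - 1);
    longuser[sizeof longuser - 1] = '\0';

    printf("%d\n", format_login_checked(msg, sizeof msg, "alice"));
    printf("%d\n", format_login_checked(msg, sizeof msg, longuser));
    return 0;
}
```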

posted by David | 4/25/2003 02:03:00 PM

