Secunia Security Advisory - A vulnerability has been reported in Cisco Secure Access Control Server (ACS), which can be exploited by malicious people to cause a DoS (Denial of Service).
TITLE:
Cisco Secure ACS EAP Packet Denial of Service
SECUNIA ADVISORY ID:
SA31731
VERIFY ADVISORY:
http://secunia.com/advisories/31731/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
From local network
OPERATING SYSTEM:
Cisco Secure ACS Solution Engine 3.x
http://secunia.com/product/4206/
Cisco Secure ACS Solution Engine 4.x
http://secunia.com/product/13658/
SOFTWARE:
Cisco Secure ACS 3.x
http://secunia.com/product/679/
Cisco Secure ACS 4.x
http://secunia.com/product/10635/
DESCRIPTION:
A vulnerability has been reported in Cisco Secure Access Control
Server (ACS), which can be exploited by malicious people to cause a
DoS (Denial of Service).
The vulnerability is caused by an input validation error in Cisco
Secure ACS, which can be exploited to crash the "CSRadius" and
"CSAuth" processes by sending a specially crafted EAP packet
containing an overly large "length" value.
Successful exploitation may require knowledge of the RADIUS shared
secret.
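The kind of bounds check a receiver needs for the EAP "length" field, as an added example that is not Cisco's or Secunia's code and does not reflect how the vendor patch works. The header layout follows RFC 3748; the function name, enum values and sample packets are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* EAP header (RFC 3748): Code(1) Identifier(1) Length(2, big-endian).
 * Length counts the whole packet, header included. */
#define EAP_HDR_LEN 4

enum eap_check {
    EAP_OK = 0,
    EAP_TRUNCATED_HEADER,  /* fewer than 4 octets received */
    EAP_LENGTH_TOO_SMALL,  /* declared length shorter than the header */
    EAP_LENGTH_OVERRUN,    /* declared length exceeds octets received */
    EAP_MISSING_TYPE       /* Request/Response without a Type octet */
};

/* Validate the header before any code trusts Length for copies or loops.
 * On EAP_OK, *data_len is the number of octets after the header. */
enum eap_check eap_validate(const uint8_t *buf, size_t received, size_t *data_len)
{
    if (buf == NULL || received < EAP_HDR_LEN)
        return EAP_TRUNCATED_HEADER;
    size_t declared = ((size_t)buf[2] << 8) | buf[3];
    if (declared < EAP_HDR_LEN)
        return EAP_LENGTH_TOO_SMALL;
    if (declared > received)            /* RFC 3748: discard silently */
        return EAP_LENGTH_OVERRUN;
    if ((buf[0] == 1 || buf[0] == 2) && declared == EAP_HDR_LEN)
        return EAP_MISSING_TYPE;        /* Request=1, Response=2 need Type */
    if (data_len != NULL)
        *data_len = declared - EAP_HDR_LEN;  /* trailing octets are padding */
    return EAP_OK;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t pkt_ok[]      = {0x02, 0x01, 0x00, 0x08, 0x01, 'b', 'o', 'b'};
static const uint8_t pkt_overrun[] = {0x02, 0x01, 0xff, 0xff, 0x01, 'b', 'o', 'b'};
static const uint8_t pkt_short[]   = {0x02, 0x01, 0x00, 0x02};

int main(void)
{
    size_t n = 0;
    printf("ok=%d ", (int)eap_validate(pkt_ok, sizeof pkt_ok, &n));
    printf("overrun=%d ", (int)eap_validate(pkt_overrun, sizeof pkt_overrun, &n));
    printf("short=%d\n", (int)eap_validate(pkt_short, sizeof pkt_short, &n));
    return 0;
}
```

When EAP arrives over RADIUS, the same check applies to the buffer reassembled from the EAP-Message attributes, with `received` set to the reassembled size.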
SOLUTION:
Apply patches. Please see the vendor advisory for details.
PROVIDED AND/OR DISCOVERED BY:
Gabriel Campana and Laurent Butti, France Telecom / Orange
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml
Gabriel Campana and Laurent Butti:
http://archives.neohapsis.com/archives/bugtraq/2008-09/0033.html