CVE-2003-0210

Description

Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002.

Affected products

• Cisco / secure_access_control_server2.1 – 2.1
• Cisco / secure_access_control_server2.3 – 2.3
• Cisco / secure_access_control_server2.4 – 2.4
• Cisco / secure_access_control_server2.5 – 2.5
• Cisco / secure_access_control_server2.6 – 2.6
• Cisco / secure_access_control_server2.6.2 – 2.6.2
• Cisco / secure_access_control_server2.6.3 – 2.6.3
• Cisco / secure_access_control_server2.6.4 – 2.6.4
• Cisco / secure_access_control_server3.0 – 3.0
• Cisco / secure_access_control_server3.0.1 – 3.0.1
• Cisco / secure_access_control_server3.0.3 – 3.0.3
• Cisco / secure_access_control_server3.1.1 – 3.1.1

References

• MAILING_LISThttp://marc.info/?l=ntbugtraq&m=105118056332344&w=2
• MAILING_LISThttp://marc.info/?l=bugtraq&m=105120066126196&w=2
• VENDOR_ADVISORYhttp://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml
• MISChttp://www.kb.cert.org/vuls/id/697049