Buy or Renew
Buy or Renew
Welcome to the new Cisco Community. LEARN MORE about the updates and what is coming.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
908
Views
0
Helpful
0
Comments

Stack based overflow occurs within the CSAdmin service when HTTP Get requests are processed

TCC_2
Advocate
Advocate

‎06-22-2009 04:44 PM - edited ‎02-21-2020 09:55 PM

Core issue

Multiple vulnerabilities affect certain versions of the Cisco Secure Access Control Server (ACS). These vulnerabilities cause specific Cisco Secure Services to crash.

These vulnerabilities are documented in Cisco bug ID CSCsd96293.

Resolution

These are the vulnerabilities and their impact on the Cisco Secure ACS services:

  • Specially Crafted Hypertext Transfer Protocol (HTTP) Get Request Vulnerability—The CSAdmin service can crash if it processes a specially crafted HTTP Get request.

  • Specially Crafted Remote Authentication Dial-In User Service (RADIUS) Accounting-Request Vulnerability—The CSRadius service can crash if it processes a specially crafted RADIUS Accounting-Request packet.

  • Specially Crafted RADIUS Access-Request Vulnerabilities—The CSRadius service can crash if it processes a specially crafted RADIUS Access-Request packet.

As a workaround, complete one of these steps:

  • Upgrade to version 4.1(1) from Cisco Downloads.

  • Refer to Cisco Downloads and install the fix for the versions 3.3 and earlier.T

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
Discussions
Customers Also Viewed These Support Documents