Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
996
Views
0
Helpful
0
Comments

Stack based overflow occurs within the CSAdmin service when HTTP Get requests are processed

TCC_2
Level 10
Level 10

‎06-22-2009 04:44 PM - edited ‎02-21-2020 09:55 PM

Core issue

Multiple vulnerabilities affect certain versions of the Cisco Secure Access Control Server (ACS). These vulnerabilities cause specific Cisco Secure Services to crash.

These vulnerabilities are documented in Cisco bug ID CSCsd96293.

Resolution

These are the vulnerabilities and their impact on the Cisco Secure ACS services:

  • Specially Crafted Hypertext Transfer Protocol (HTTP) Get Request Vulnerability—The CSAdmin service can crash if it processes a specially crafted HTTP Get request.

  • Specially Crafted Remote Authentication Dial-In User Service (RADIUS) Accounting-Request Vulnerability—The CSRadius service can crash if it processes a specially crafted RADIUS Accounting-Request packet.

  • Specially Crafted RADIUS Access-Request Vulnerabilities—The CSRadius service can crash if it processes a specially crafted RADIUS Access-Request packet.

As a workaround, complete one of these steps:

  • Upgrade to version 4.1(1) from Cisco Downloads.

  • Refer to Cisco Downloads and install the fix for the versions 3.3 and earlier.T

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents