Name:
Cisco.ACS.UCP.CGI.Pre.Authentication.Buffer.Overfl
Released Date:
Mar 14 2008
Severity:
critical
CVE:
2008-0532
Bugtraq:
28222



In-Depth Analysis

Description
This indicates an attempt to exploit a buffer-overflow vulnerability in Cisco Secure Access Control Server (ACS) for Windows.

The vulnerability is in the User-Changeable Password (UCP) application, a set of CGI programs and web site contents installed on Microsoft IIS. The CGI program "CSUserCGI.exe" is vulnerable to multiple buffer overflows that occur before the authentication process. A remote attacker can exploit these to gain control of vulnerable systems.
 
Impact
System Compromise: remote attackers can gain control of vulnerable systems.
 
Affected Products
Cisco ACS UCP versions older than 4.2.
Aliases
Cisco.ACS.UCP.CGI.Pre.Authentication.Buffer.Overflow
References
http://www.securityfocus.com/bid/28222
http://www.frsirt.com/english/advisories/2008/0868
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0532
http://www.cisco.com/warp/public/707/cisco-sa-20080312-ucp.shtml
http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt
Recommended Actions
Update to Cisco ACS UCP version 4.2. See the Cisco Advisory for information on how to obtain updated software at the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20080312-ucp.shtml

 
 