Details of VAR-200701-0565

ID

VAR-200701-0565

CVE

CVE-2007-0105

TITLE

Cisco Secure Access Control Server vulnerable to a stack-based buffer overflow via a specially crafted "HTTP GET" request

Trust: 0.8

sources: CERT/CC: VU#744249

DESCRIPTION

Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. Versions prior to 4.1 are vulnerable to these issues. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Cisco Secure ACS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA23629 VERIFY ADVISORY: http://secunia.com/advisories/23629/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: Cisco Secure ACS Solution Engine 3.x http://secunia.com/product/4206/ SOFTWARE: Cisco Secure ACS 3.x http://secunia.com/product/679/ Cisco Secure ACS 4.x http://secunia.com/product/10635/ DESCRIPTION: Some vulnerabilities have been reported in Cisco Secure ACS, which can be exploited by malicious users or people to cause a DoS (Denial of Service) or to compromise a vulnerable system. Successful exploitation allows execution of arbitrary code. 2) An unspecified error within the CSRadius service when processing RADIUS Accounting-Request packets can be exploited to cause a stack-based buffer overflow via a specially crafted RADIUS Accounting-Request packet. Successful exploitation allows execution of arbitrary code. 3) Unspecified errors within the CSRadius service when processing RADIUS Access-Request packets can be exploited to crash the service via a specially crafted RADIUS Access-Request packet. Note: The following products are reportedly not affected: * Cisco Secure ACS for Unix (CSU). * Cisco CNS Access Registrar (CAR). * Cisco Secure ACS server for Windows version 4.1(X) or later. SOLUTION: Apply patches. PROVIDED AND/OR DISCOVERED BY: The vendor credits CESG's Vulnerability Research Group and National Infrastructure Security Co-ordination Centre (NISCC). ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 4.23

sources: NVD: CVE-2007-0105 // CERT/CC: VU#744249 // CERT/CC: VU#477164 // CERT/CC: VU#443108 // JVNDB: JVNDB-2007-001337 // BID: 21900 // VULHUB: VHN-23467 // PACKETSTORM: 53487

AFFECTED PRODUCTS

vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 2.4
vendor:	cisco	model:	secure access control server	scope:	lte	version:	4.0.1	Trust: 1.0
vendor:	cisco	model:	secure access control server	scope:	eq	version:	4.0.1	Trust: 0.9
vendor:	cisco	model:	secure access control server	scope:	lt	version:	4.0.1	Trust: 0.8
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.3.2	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.3(1)	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2(3)	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2(2)	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2(1.20)	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2(1)	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	ne	version:	4.1	Trust: 0.3

sources: CERT/CC: VU#744249 // CERT/CC: VU#477164 // CERT/CC: VU#443108 // BID: 21900 // JVNDB: JVNDB-2007-001337 // CNNVD: CNNVD-200701-065 // NVD: CVE-2007-0105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-0105
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#744249
value:	21.38
Trust: 0.8
CARNEGIE MELLON:	VU#477164
value:	8.98
Trust: 0.8
CARNEGIE MELLON:	VU#443108
value:	2.36
Trust: 0.8
NVD:	CVE-2007-0105
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200701-065
value:	HIGH
Trust: 0.6
VULHUB:	VHN-23467
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-0105
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-23467
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#744249 // CERT/CC: VU#477164 // CERT/CC: VU#443108 // VULHUB: VHN-23467 // JVNDB: JVNDB-2007-001337 // CNNVD: CNNVD-200701-065 // NVD: CVE-2007-0105

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0105

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-065

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200701-065

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001337

PATCH

title:

cisco-sa-20070105-csacs

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070105-csacs

Trust: 0.8

sources: JVNDB: JVNDB-2007-001337

EXTERNAL IDS

db:	BID	id:	21900	Trust: 4.4
db:	CERT/CC	id:	VU#744249	Trust: 3.6
db:	NVD	id:	CVE-2007-0105	Trust: 2.8
db:	SECUNIA	id:	23629	Trust: 2.6
db:	VUPEN	id:	ADV-2007-0068	Trust: 1.7
db:	OSVDB	id:	32642	Trust: 1.7
db:	SECTRACK	id:	1017475	Trust: 1.7
db:	CERT/CC	id:	VU#477164	Trust: 1.1
db:	CERT/CC	id:	VU#443108	Trust: 1.1
db:	JVNDB	id:	JVNDB-2007-001337	Trust: 0.8
db:	CNNVD	id:	CNNVD-200701-065	Trust: 0.7
db:	CISCO	id:	20070105 MULTIPLE VULNERABILITIES IN CISCO SECURE ACCESS CONTROL SERVER	Trust: 0.6
db:	XF	id:	31323	Trust: 0.6
db:	VULHUB	id:	VHN-23467	Trust: 0.1
db:	PACKETSTORM	id:	53487	Trust: 0.1

sources: CERT/CC: VU#744249 // CERT/CC: VU#477164 // CERT/CC: VU#443108 // VULHUB: VHN-23467 // BID: 21900 // JVNDB: JVNDB-2007-001337 // PACKETSTORM: 53487 // CNNVD: CNNVD-200701-065 // NVD: CVE-2007-0105

REFERENCES

url:	http://www.securityfocus.com/bid/21900	Trust: 4.1
url:	http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml	Trust: 2.9
url:	http://www.kb.cert.org/vuls/id/744249	Trust: 2.8
url:	http://www.osvdb.org/32642	Trust: 1.7
url:	http://securitytracker.com/id?1017475	Trust: 1.7
url:	http://secunia.com/advisories/23629	Trust: 1.7
url:	http://www.niscc.gov.uk/niscc/docs/br-20070108-00015.html?lang=en	Trust: 1.6
url:	http://www.niscc.gov.uk/niscc/docs/re-20070108-00020.pdf?lang=en	Trust: 1.6
url:	http://www.vupen.com/english/advisories/2007/0068	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/31323	Trust: 1.1
url:	http://secunia.com/advisories/23629/	Trust: 0.9
url:	http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml	Trust: 0.8
url:	http://www.cisco.com/warp/public/707/cisco-sa-20070110-csacs.shtml	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0105	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0105	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/0068	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/31323	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/secursw/ps2086/index.html	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/477164	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/443108	Trust: 0.3
url:	http://secunia.com/product/10635/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/software_inspector/	Trust: 0.1
url:	http://secunia.com/product/4206/	Trust: 0.1
url:	http://secunia.com/product/679/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

CREDITS

The vendor reported these issues.

Trust: 0.9

sources: BID: 21900 // CNNVD: CNNVD-200701-065

SOURCES

db:	CERT/CC	id:	VU#744249
db:	CERT/CC	id:	VU#477164
db:	CERT/CC	id:	VU#443108
db:	VULHUB	id:	VHN-23467
db:	BID	id:	21900
db:	JVNDB	id:	JVNDB-2007-001337
db:	PACKETSTORM	id:	53487
db:	CNNVD	id:	CNNVD-200701-065
db:	NVD	id:	CVE-2007-0105

LAST UPDATE DATE

2024-11-23T22:04:08.567000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#744249	date:	2007-01-26T00:00:00
db:	CERT/CC	id:	VU#477164	date:	2007-01-26T00:00:00
db:	CERT/CC	id:	VU#443108	date:	2007-01-26T00:00:00
db:	VULHUB	id:	VHN-23467	date:	2017-07-29T00:00:00
db:	BID	id:	21900	date:	2007-01-16T18:00:00
db:	JVNDB	id:	JVNDB-2007-001337	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200701-065	date:	2007-01-15T00:00:00
db:	NVD	id:	CVE-2007-0105	date:	2024-11-21T00:24:59.007

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#744249	date:	2007-01-15T00:00:00
db:	CERT/CC	id:	VU#477164	date:	2007-01-15T00:00:00
db:	CERT/CC	id:	VU#443108	date:	2007-01-15T00:00:00
db:	VULHUB	id:	VHN-23467	date:	2007-01-09T00:00:00
db:	BID	id:	21900	date:	2007-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2007-001337	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	53487	date:	2007-01-10T18:19:08
db:	CNNVD	id:	CNNVD-200701-065	date:	2007-01-08T00:00:00
db:	NVD	id:	CVE-2007-0105	date:	2007-01-09T00:28:00