TACACS+ Denial of Service Vulnerability

Solution:
From Damir Rajnovic <gaus@cisco.com>:
We updated our unsupported version of TACACS+ server so it is no longer vulnerable to oversized T+ packets. You can download the new version, F4.0.4 alpha, if you follow this URL: ftp://ftp-eng.cisco.com/pub/tacacs

A patch was supplied by Solar Designer in his paper analyzing tacacs+ vulnerabilities.


Cisco tac_plus 4.0.3 alpha


 

Privacy Statement
Copyright 2010, SecurityFocus