Cisco Secure ACS EAP-Response Packet Parsing Denial of Service Vulnerability

Bugtraq ID: 30997
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2008-2441
Remote: Yes
Local: No
Published: Sep 03 2008 12:00AM
Updated: Sep 03 2008 07:45PM
Credit: Gabriel Campana and Laurent Butti from France Telecom / Orange
Vulnerable: Cisco Secure ACS for Windows 4.1
Cisco Secure ACS 4.1(1) build 23
Cisco Secure Access Control Server 4.1
Cisco Secure Access Control Server 4.0.1
Cisco Secure Access Control Server 3.3.2
Cisco Secure Access Control Server 3.3.1
Cisco Secure Access Control Server 3.3 (1)
Cisco Secure Access Control Server 3.3
Cisco Secure Access Control Server 3.2.2
Cisco Secure Access Control Server 3.2.1
Cisco Secure Access Control Server 3.2 (3)
Cisco Secure Access Control Server 3.2 (2)
Cisco Secure Access Control Server 3.2 (1.20)
Cisco Secure Access Control Server 3.2 (1)
Cisco Secure Access Control Server 4.0
Cisco CiscoSecure ACS for Windows 3.2
Cisco CiscoSecure ACS for Windows 3.1
Not Vulnerable: Cisco Secure ACS for Windows 4.2(0) Build 124 pat
Cisco Secure ACS for Windows 4.1(4) Build 13 patc
Cisco Secure ACS for Windows 3.3(4) Build 12 patc


 

Privacy Statement
Copyright 2010, SecurityFocus