CiscoSecure ACS For Windows Arbitrary File Access Vulnerability
by Nikola Strahija on April 5th, 2002
ACS is the commercial access control server distributed and maintained by Cisco Systems. This problem affects CiscoSecure ACS on the Microsoft Windows platform.
ACS does not properly handle user-supplied input. Under some circumstances, it may be possible for a remote user to read arbitrary files. By supplying a custom-crafted URL to the ACS, an attacker may be able to read a file in a known location on the partition on which the ACS software is installed. The file types that can be read are limited to those ending in .html, .htm, .class, .jpeg, .jpg, and .gif.
Remote: Yes
Exploit: No
Solution: Fixes available:
Cisco Secure ACS for Windows NT 2.6:
Cisco Patch CSAdmin-patch-2.6-4-4.zip
http://www.cisco.com/cgi-bin/tablebuild.pl/cs-acs-win
Cisco Secure ACS for Windows NT 2.6.2:
Cisco Patch CSAdmin-patch-2.6-4-4.zip
http://www.cisco.com/cgi-bin/tablebuild.pl/cs-acs-win
Cisco Secure ACS for Windows NT 2.6.3:
Cisco Patch CSAdmin-patch-2.6-4-4.zip
http://www.cisco.com/cgi-bin/tablebuild.pl/cs-acs-win
Cisco Secure ACS for Windows NT 2.6.4:
Cisco Patch CSAdmin-patch-2.6-4-4.zip
http://www.cisco.com/cgi-bin/tablebuild.pl/cs-acs-win
Cisco Secure ACS for Windows NT 3.0.1:
Cisco Patch CSAdmin-patch-3.0-1-40.zip
http://www.cisco.com/cgi-bin/tablebuild.pl/cs-acs-win
Cisco Secure ACS for Windows NT 3.0:
Cisco Patch CSAdmin-patch-3.0-1-40.zip
http://www.cisco.com/cgi-bin/tablebuild.pl/cs-acs-win