
CiscoSecure ACS For Windows Arbitrary File Access Vulnerability

by Nikola Strahija on April 5th, 2002

ACS is the commercial access control server distributed and maintained by Cisco Systems. This problem affects CiscoSecure ACS on the Microsoft Windows platform.


ACS does not properly handle user-supplied input. Under some circumstances, a remote user may be able to read arbitrary files. By supplying a custom-crafted URL to the ACS, an attacker may be able to read a file in a known location on the partition on which the ACS software is installed. The readable file types are limited to those ending in .html, .htm, .class, .jpeg, .jpg, and .gif.

Remote: Yes

Exploit: No

Solution: Fixes available:


Cisco Secure ACS for Windows NT 2.6:

Cisco Patch CSAdmin-patch-2.6-4-4.zip
http://www.cisco.com/cgi-bin/tablebuild.pl/cs-acs-win

Cisco Secure ACS for Windows NT 2.6.2:

Cisco Patch CSAdmin-patch-2.6-4-4.zip
http://www.cisco.com/cgi-bin/tablebuild.pl/cs-acs-win

Cisco Secure ACS for Windows NT 2.6.3:

Cisco Patch CSAdmin-patch-2.6-4-4.zip
http://www.cisco.com/cgi-bin/tablebuild.pl/cs-acs-win

Cisco Secure ACS for Windows NT 2.6.4:

Cisco Patch CSAdmin-patch-2.6-4-4.zip
http://www.cisco.com/cgi-bin/tablebuild.pl/cs-acs-win

Cisco Secure ACS for Windows NT 3.0.1:

Cisco Patch CSAdmin-patch-3.0-1-40.zip
http://www.cisco.com/cgi-bin/tablebuild.pl/cs-acs-win

Cisco Secure ACS for Windows NT 3.0:

Cisco Patch CSAdmin-patch-3.0-1-40.zip
http://www.cisco.com/cgi-bin/tablebuild.pl/cs-acs-win




