Update Protection against Cisco Secure Access Control Server UCP Application Buffer Overflow
| Check Point Reference: | CPAI-2008-268 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory: SA29351 | |
| Industry Reference(s): | CVE-2008-0532 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Cisco Systems UCP Prior to 4.2 | ||
| Vulnerability Description Cisco Secure Access Control Server provides authentication, authorization, and accounting (AAA) services to network devices that control client access to the network. Such devices include network access servers, PIX firewalls, wireless access points, routers and switches. |
||
|
Vulnerability Details A buffer overflow vulnerability exists in Cisco User-Changeable Password (UCP) application that is used by Cisco Secure Access Control Server (ACS) and other products. The vulnerability is due to insufficient input validation in the executable file CSuserCGI.exe. Remote unauthenticated attackers could exploit this vulnerability by providing a large argument in a request to the server, and leverage this vulnerability to execute arbitrary code with the privileges of the affected product, or cause a denial of service condition. In an attack case where code injection is not successful, the affected application will terminate abnormally. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service. |
Protection Overview
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.