Buffer Overflow in Cisco ACS for Windows

Reported April 23, 2003, by Cisco Systems


Cisco Secure ACS 3.1.1, 3.0.3, 2.6.4, and earlier


Cisco Secure ACS for Windows contains a buffer overflow condition that can permit a Denial of Service (DoS) attack and a root compromise. The problem appears to occur during the software's handling of logon sequences.

Cisco recommends that customers upgrade to repaired versions of Cisco Secure ACS or install Cisco Secure ACS so that either no external access to management interfaces is permitted or access to the interfaces is restricted. Users who want to restrict access to management interfaces need to block access to ACS on port 2002.


Cisco has released a bulletin and free upgrades, which you can download from the company's Web site.


Discovered by NSFocus.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.