Reported April 4, 2002, by Cisco Systems.
VERSION AFFECTED
· Cisco Systems Secure Access Control Server for Windows
DESCRIPTION
Two vulnerabilities exist in Cisco Systems’ Secure Access Control
Server for Windows. The first vulnerability can lead to arbitrary code execution
on the server, and the second problem can lead to information disclosure. With
the first vulnerability, an attacker can
connect to port 2002 and send a specially crafted URL to kill
the CSADMIN module or execute arbitrary
user-supplied code. The second vulnerability can let an attacker
use "..\.." in the URL to access data in any directory outside the Web
root directory (but only on the same hard disk or disk partition) by accessing
only the following file types:
· Html
· Htm
· Class
· Jpg
· Jpeg
· Gif
An attacker must also know the exact location and filename to access the data—the attacker can't browse a directory this way.
VENDOR RESPONSE
Cisco Systems has issued a notice about this vulnerability and recommends that affected users obtain an upgrade of the software using normal support channels.
CREDIT
Discovered by Cisco Systems.