Reported April 4, 2002, by Cisco Systems.
· Cisco Systems Secure Access Control Server for Windows
Two vulnerabilities exist in Cisco Systems’ Secure Access Control Server for Windows. The first vulnerability can lead to arbitrary code execution on the server, and the second can lead to information disclosure. With the first vulnerability, an attacker can connect to port 2002 and send a specially crafted URL to kill the CSADMIN module or execute arbitrary user-supplied code. The second vulnerability can let an attacker use "..\.." in the URL to access data in any directory outside the Web root directory (but only on the same hard disk or disk partition), and only for the following file types:
An attacker must also know the exact location and filename to access the data—the attacker can't browse a directory this way.
Discovered by Cisco Systems.
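The kind of path check that stops the "..\.." traversal described above, as an added example (not Cisco's code or its fix). `WEB_ROOT` and `resolve_under_root` are hypothetical names, the sample requests are constructed, and `ntpath` is used so Windows path rules apply on any platform.

```python
import ntpath
from urllib.parse import unquote

WEB_ROOT = r"C:\webroot"  # hypothetical Web root, constructed for this example


def resolve_under_root(url_path, root=WEB_ROOT):
    """Map a request path to a file under root using Windows path rules.

    Returns the normalized absolute path, or None if the request would
    leave the Web root.
    """
    # Decode percent-escapes exactly once, so %2e%2e%5c is seen as ..\
    decoded = unquote(url_path)
    if "\x00" in decoded:
        return None
    # Windows accepts both separators; unify them, then drop leading ones
    # so the join below cannot be reset to the root of the drive.
    rel = decoded.replace("/", "\\").lstrip("\\")
    # A drive prefix (for example D:) would make join() discard root.
    if ntpath.splitdrive(rel)[0]:
        return None
    candidate = ntpath.normpath(ntpath.join(root, rel))
    # Compare case-insensitively and on a separator boundary, so that
    # C:\webroot2 is not mistaken for a child of C:\webroot.
    base = ntpath.normcase(ntpath.normpath(root))
    target = ntpath.normcase(candidate)
    if target == base or target.startswith(base + "\\"):
        return candidate
    return None


# Constructed sample requests (not taken from the advisory).
SAMPLES = [
    "/index.html",
    "/docs/../index.html",
    "/..\\..\\secret\\data.txt",
    "/%2e%2e%5c%2e%2e%5csecret%5cdata.txt",
    "/..\\webroot2\\x.txt",
]

if __name__ == "__main__":
    for request in SAMPLES:
        print(f"{request!r:45} -> {resolve_under_root(request)}")
```

Checking the normalized result against the root, rather than searching the raw URL for "..", is what makes the encoded and backslash variants fail the same way as the plain one.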