Security Alert, April 5, 2002
* MULTIPLE VULNERABILITIES IN CISCO SECURE ACCESS CONTROL SERVER FOR WINDOWS
Two vulnerabilities exist in Cisco Systems' Secure Access Control
Server (ACS) for Windows. The first can lead to arbitrary code execution
on the server; the second can lead to information disclosure. For the
first vulnerability, an attacker connects to TCP port 2002 (the listener
for the CSADMIN administration module) and sends a specially crafted URL
that either crashes the CSADMIN module (denial of service) or executes
arbitrary attacker-supplied code. For the second vulnerability, an
attacker can place "..\.." sequences in the URL to read files outside the
Web root directory. The exposure is limited in three ways: only files on
the same hard disk or disk partition as the Web root are reachable; only
files with the extensions HTML, HTM, CLASS, JPG, JPEG, and GIF are
served; and the attacker must know the exact path and filename, because
directory listings cannot be obtained this way. Note that the extension
restriction narrows what can be read but does nothing to stop the
traversal itself, so it is not a substitute for containing requests
inside the Web root.
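To make the traversal point concrete, here is an added example (not code from the advisory or from Cisco) that contrasts an extension-only filter with a check that actually keeps a decoded, backslash-normalised request path inside the Web root. The Web root "C:/ACS/www", the request paths and the helper names are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Extensions the advisory lists as the only ones the vulnerable server would return.
ALLOWED_EXT = {".html", ".htm", ".class", ".jpg", ".jpeg", ".gif"}

# Constructed web root for the example; any directory string works.
WEB_ROOT = "C:/ACS/www"


def extension_only_check(url_path: str) -> bool:
    """A filter that looks only at the extension.

    This mirrors the kind of control that lets "..\\.." traversal through:
    "/..\\..\\winnt\\page.htm" has an allowed extension, so it passes.
    """
    ext = posixpath.splitext(url_path.replace("\\", "/"))[1].lower()
    return ext in ALLOWED_EXT


def resolve_under_root(web_root: str, url_path: str):
    """Map a request path to a file under web_root, or return None.

    Steps a hardened handler needs, in this order:
      1. percent-decode once (so %2e%2e becomes ".." before the check);
      2. treat "\\" like "/" because Windows accepts both separators;
      3. walk the segments with a stack so any ".." that would pop past
         the root is rejected, instead of silently clamped;
      4. only then apply the extension allowlist.
    """
    decoded = unquote(url_path)
    if "\x00" in decoded:            # embedded NUL would truncate the path in C APIs
        return None
    segments = decoded.replace("\\", "/").split("/")
    stack = []
    for seg in segments:
        if seg in ("", "."):
            continue
        if seg == "..":
            if not stack:                # attempted to climb above the web root
                return None
            stack.pop()
            continue
        stack.append(seg)
    if not stack:                         # request for the root itself; no file to serve
        return None
    if posixpath.splitext(stack[-1])[1].lower() not in ALLOWED_EXT:
        return None
    return web_root.rstrip("/") + "/" + "/".join(stack)


# Constructed sample requests: legitimate, traversal via backslashes,
# traversal via percent-encoding, in-root relative path, and a disallowed type.
SAMPLE_REQUESTS = [
    "/docs/index.htm",
    "/..\\..\\secret\\page.htm",
    "/%2e%2e/%2e%2e/etc/hosts.htm",
    "/docs/../index.htm",
    "/docs/report.txt",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"{req:32} ext-only={extension_only_check(req)!s:5} "
              f"contained={resolve_under_root(WEB_ROOT, req)}")
```

The second request illustrates the advisory's second bug: the extension filter says yes, while the root-containment walk rejects it because the first ".." would step above the Web root.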