CVE-2006-4098

Vulnerability from cvelistv5

Published

2007-01-08 23:00

Modified

2024-08-07 18:57

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/36126
cve@mitre.org	http://secunia.com/advisories/23629	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1017475
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml
cve@mitre.org	http://www.kb.cert.org/vuls/id/477164	US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/21900
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0068
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/31327
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/36126
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23629	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017475
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/477164	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/21900
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0068
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/31327

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:57:46.491Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "23629",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23629"
          },
          {
            "name": "21900",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21900"
          },
          {
            "name": "VU#477164",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/477164"
          },
          {
            "name": "cisco-acs-csradius-bo(31327)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31327"
          },
          {
            "name": "ADV-2007-0068",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0068"
          },
          {
            "name": "1017475",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017475"
          },
          {
            "name": "20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
          },
          {
            "name": "36126",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36126"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "23629",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23629"
        },
        {
          "name": "21900",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21900"
        },
        {
          "name": "VU#477164",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/477164"
        },
        {
          "name": "cisco-acs-csradius-bo(31327)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31327"
        },
        {
          "name": "ADV-2007-0068",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0068"
        },
        {
          "name": "1017475",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017475"
        },
        {
          "name": "20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
        },
        {
          "name": "36126",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36126"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4098",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "23629",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23629"
            },
            {
              "name": "21900",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21900"
            },
            {
              "name": "VU#477164",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/477164"
            },
            {
              "name": "cisco-acs-csradius-bo(31327)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31327"
            },
            {
              "name": "ADV-2007-0068",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0068"
            },
            {
              "name": "1017475",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017475"
            },
            {
              "name": "20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
            },
            {
              "name": "36126",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36126"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4098",
    "datePublished": "2007-01-08T23:00:00",
    "dateReserved": "2006-08-14T00:00:00",
    "dateUpdated": "2024-08-07T18:57:46.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"44D05855-C8C1-4243-8438-5A36A01A8F48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB11A75E-2E4B-4B83-B763-CBBC1D9DFB36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"109147BF-3225-48E4-8BE1-2E5B59921032\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.2\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86806D6E-1BDF-4253-AEB7-D9D88D224812\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.2\\\\(1.20\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0BD6882-379C-4EA7-8E51-124273C5A56F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.2\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"680E5A81-6409-4CE7-8496-D7845FD7E851\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.2\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3868E060-0278-491A-9943-1A2E435C7606\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F39D3441-C84A-403A-ACB4-8019579EE4DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61ED039B-C3E6-4BC8-A97A-351EC9CEAF16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2793200-D95D-4BD3-8DF2-4A847230FBE5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.3\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E587654-B5A0-47A4-BED6-D8DB69AEF566\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F07B954-817F-47AC-BCAC-3DA697A6E2F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CC1B599-05C0-4FB5-A47B-5D858DAB43A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"036B1C12-5327-40D1-BEC3-ABEC878CF776\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88F2EA27-B8D1-4DD1-AD14-C9B281A496C5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer basado en pila en el servicio CSRadius de Cisco Secure Access Control Server (ACS)para Windows anterior a 4.1 y ACS Solution Engine anterior a 4.1 permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n mediante un paquete de petici\\u00f3n de tarificaci\\u00f3n RADIUS (RADIUS Accounting-Request) manipulado.\"}]",
      "id": "CVE-2006-4098",
      "lastModified": "2024-11-21T00:15:09.730",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-12-31T05:00:00.000",
      "references": "[{\"url\": \"http://osvdb.org/36126\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/23629\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017475\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/477164\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/21900\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0068\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/31327\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/36126\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/23629\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017475\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/477164\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/21900\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0068\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/31327\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-4098\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-12-31T05:00:00.000\",\"lastModified\":\"2024-11-21T00:15:09.730\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en pila en el servicio CSRadius de Cisco Secure Access Control Server (ACS)para Windows anterior a 4.1 y ACS Solution Engine anterior a 4.1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un paquete de petici\u00f3n de tarificaci\u00f3n RADIUS (RADIUS Accounting-Request) manipulado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44D05855-C8C1-4243-8438-5A36A01A8F48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB11A75E-2E4B-4B83-B763-CBBC1D9DFB36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"109147BF-3225-48E4-8BE1-2E5B59921032\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.2\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86806D6E-1BDF-4253-AEB7-D9D88D224812\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.2\\\\(1.20\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0BD6882-379C-4EA7-8E51-124273C5A56F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.2\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"680E5A81-6409-4CE7-8496-D7845FD7E851\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.2\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3868E060-0278-491A-9943-1A2E435C7606\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F39D3441-C84A-403A-ACB4-8019579EE4DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61ED039B-C3E6-4BC8-A97A-351EC9CEAF16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2793200-D95D-4BD3-8DF2-4A847230FBE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.3\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E587654-B5A0-47A4-BED6-D8DB69AEF566\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F07B954-817F-47AC-BCAC-3DA697A6E2F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CC1B599-05C0-4FB5-A47B-5D858DAB43A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"036B1C12-5327-40D1-BEC3-ABEC878CF776\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88F2EA27-B8D1-4DD1-AD14-C9B281A496C5\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/36126\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/23629\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017475\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/477164\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/21900\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0068\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/31327\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/36126\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/23629\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017475\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/477164\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/21900\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0068\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/31327\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-fm3h-2rr5-p2c2

Vulnerability from github

Published

2022-05-01 07:15

Modified

2022-05-01 07:15

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-4098"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-12-31T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.",
  "id": "GHSA-fm3h-2rr5-p2c2",
  "modified": "2022-05-01T07:15:26Z",
  "published": "2022-05-01T07:15:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4098"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31327"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/36126"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23629"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017475"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/477164"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/21900"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0068"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2006-4098

Vulnerability from fkie_nvd

Published

2006-12-31 05:00

Modified

2024-11-21 00:15

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/36126
cve@mitre.org	http://secunia.com/advisories/23629	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1017475
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml
cve@mitre.org	http://www.kb.cert.org/vuls/id/477164	US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/21900
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0068
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/31327
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/36126
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23629	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017475
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/477164	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/21900
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0068
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/31327

Impacted products

Vendor	Product	Version
cisco	secure_access_control_server	3.0
cisco	secure_access_control_server	3.1
cisco	secure_access_control_server	3.2
cisco	secure_access_control_server	3.2\(1\)
cisco	secure_access_control_server	3.2\(1.20\)
cisco	secure_access_control_server	3.2\(2\)
cisco	secure_access_control_server	3.2\(3\)
cisco	secure_access_control_server	3.2.1
cisco	secure_access_control_server	3.2.2
cisco	secure_access_control_server	3.3
cisco	secure_access_control_server	3.3\(1\)
cisco	secure_access_control_server	3.3.1
cisco	secure_access_control_server	3.3.2
cisco	secure_access_control_server	4.0
cisco	secure_access_control_server	4.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44D05855-C8C1-4243-8438-5A36A01A8F48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB11A75E-2E4B-4B83-B763-CBBC1D9DFB36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "109147BF-3225-48E4-8BE1-2E5B59921032",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "86806D6E-1BDF-4253-AEB7-D9D88D224812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(1.20\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B0BD6882-379C-4EA7-8E51-124273C5A56F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "680E5A81-6409-4CE7-8496-D7845FD7E851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3868E060-0278-491A-9943-1A2E435C7606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F39D3441-C84A-403A-ACB4-8019579EE4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61ED039B-C3E6-4BC8-A97A-351EC9CEAF16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2793200-D95D-4BD3-8DF2-4A847230FBE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0E587654-B5A0-47A4-BED6-D8DB69AEF566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F07B954-817F-47AC-BCAC-3DA697A6E2F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CC1B599-05C0-4FB5-A47B-5D858DAB43A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036B1C12-5327-40D1-BEC3-ABEC878CF776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88F2EA27-B8D1-4DD1-AD14-C9B281A496C5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en el servicio CSRadius de Cisco Secure Access Control Server (ACS)para Windows anterior a 4.1 y ACS Solution Engine anterior a 4.1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un paquete de petici\u00f3n de tarificaci\u00f3n RADIUS (RADIUS Accounting-Request) manipulado."
    }
  ],
  "id": "CVE-2006-4098",
  "lastModified": "2024-11-21T00:15:09.730",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/36126"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23629"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017475"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/477164"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/21900"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0068"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/36126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/477164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/21900"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31327"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet. Versions prior to 4.1 are vulnerable to these issues. Two of the vulnerabilities may permit arbitrary code execution after exploitation of the specified vulnerability.

Affected Cisco Secure ACS services, and the impact of the vulnerabilities are as follows:

Specially Crafted HTTP GET Request Vulnerability: Processing a specially crafted HTTP GET request may crash the CSAdmin service. This vulnerability is also susceptible to a stack overflow condition.
Specially Crafted RADIUS Accounting-Request Vulnerability: Processing a specially crafted RADIUS Accounting-Request packet may crash the CSRadius service. This vulnerability is also susceptible to a stack overflow condition.
Specially Crafted RADIUS Access-Request Vulnerabilities: Processing a specially crafted RADIUS Access-Request packet may crash the CSRadius service.

Cisco has made free software available to address this issue for affected customers.

We would like to thank CESG's Vulnerability Research Group and National Infrastructure Security Co-ordination Centre (NISCC) for reporting several of these vulnerabilities to Cisco Systems.

We greatly appreciate the opportunity to work with researchers on security vulnerabilities, and welcome the opportunity to review and assist in product reports.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml. The following example would be seen when running Cisco Secure ACS software version 4.0(1) Build 27:

CiscoSecure ACS
ACS software version 4.0(1) Build 27:
Copyright information is seen underneath this information.

Products Confirmed Not Vulnerable +--------------------------------

Cisco Secure ACS for Unix (CSU).
Cisco CNS Access Registrar (CAR).
Cisco Secure ACS server for Windows version 4.1(X) or later.
Cisco Secure ACS server solution Engine version 4.1(X) or later.

CSAdmin is the service that provides the web server for the ACS web administration interface.

CSRadius is the service that communicates between the CSAuth module (the authentication and authorization service) and the access device that is requesting authentication and authorization services.

Specially Crafted HTTP GET Request Vulnerability: +------------------------------------------------

This vulnerability is exploited by processing a specially crafted HTTP GET request. Upon successful exploitation, the CSAdmin service may crash. This vulnerability is also susceptible to a stack based overflow condition which may allow arbitrary code execution if successfully exploited.

If this vulnerability is successfully exploited, the CSAdmin service will require a manual restart of the service. Normal Authentication, Authorization and Accounting (AAA) processing will continue. With Cisco Secure ACS for Windows you can start or stop CSAdmin from the Windows Control Panel. Upon successful exploitation, the CSRadius service may crash and an exception trap error will be generated for the CSRadius service within the Windows Event Viewer System log. This vulnerability is also susceptible to a stack based overflow condition which may allow arbitrary code execution if successfully exploited.

This vulnerability is documented in Cisco Bug ID:

CSCse18278 -- Stack based overflow within CSRadius when processing Accounting-Request. These vulnerabilities will not allow arbitrary code execution after successful exploitation. An exception trap error will be recorded within the CSRadius log file and an error will be seen for the CSRadius service within the Windows Event Viewer System log after successful exploitation.

These vulnerabilities are documented in Cisco Bug IDs:

CSCse18250 -- CSRadius Service crashes when processing a specially crafted Access-Request packet. (CVE-2006-4097)
CSCeg04788 -- CSRadius Service crashes when processing a specially crafted Access-Request packet.
CSCeg04666 -- CSRadius Service crashes when processing a specially crafted Access-Request packet.

Vulnerability Scoring Details

Cisco is providing scores for the vulnerabilities in this advisory based Con the ommon Vulnerability Scoring System (CVSS).

Cisco will provide a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.

Cisco PSIRT will set the bias in all cases to normal. Customers are encouraged to apply the bias parameter when determining the environmental impact of a particular vulnerability.

CVSS is a standards based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.

Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html.

Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss.

Cisco Bug IDs:

CSCsd96293 - Stack based overflow within CSAdmin when processing HTTP GET request +---------------------------------------

CVSS Base Score - 10

Access Vector: Remote Access Complexity: Low Authentication: Not Required Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete Impact Bias: Normal

CVSS Temporal Score - 8.3