cve-2008-2441

Vulnerability from cvelistv5

Published

2008-09-04 16:00

Modified

2024-08-07 08:58

Severity ?

Summary

References

▼	URL	Tags
	cve@mitre.org	http://secunia.com/advisories/31731
	cve@mitre.org	http://securityreason.com/securityalert/4216
	cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml
	cve@mitre.org	http://www.securityfocus.com/archive/1/495937/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/bid/30997
	cve@mitre.org	http://www.securitytracker.com/id?1020814
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/44871
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31731
	af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/4216
	af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/495937/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30997
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020814
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/44871

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:58:02.309Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1020814",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020814"
          },
          {
            "name": "20080903 Cisco Security Response: Cisco Secure ACS Denial Of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"
          },
          {
            "name": "31731",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31731"
          },
          {
            "name": "4216",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4216"
          },
          {
            "name": "20080903 Cisco Secure ACS EAP Parsing Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded"
          },
          {
            "name": "30997",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30997"
          },
          {
            "name": "cisco-sacs-eap-dos(44871)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1020814",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020814"
        },
        {
          "name": "20080903 Cisco Security Response: Cisco Secure ACS Denial Of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"
        },
        {
          "name": "31731",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31731"
        },
        {
          "name": "4216",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4216"
        },
        {
          "name": "20080903 Cisco Secure ACS EAP Parsing Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded"
        },
        {
          "name": "30997",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30997"
        },
        {
          "name": "cisco-sacs-eap-dos(44871)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2441",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1020814",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020814"
            },
            {
              "name": "20080903 Cisco Security Response: Cisco Secure ACS Denial Of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"
            },
            {
              "name": "31731",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31731"
            },
            {
              "name": "4216",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4216"
            },
            {
              "name": "20080903 Cisco Secure ACS EAP Parsing Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded"
            },
            {
              "name": "30997",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30997"
            },
            {
              "name": "cisco-sacs-eap-dos(44871)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2441",
    "datePublished": "2008-09-04T16:00:00",
    "dateReserved": "2008-05-27T00:00:00",
    "dateUpdated": "2024-08-07T08:58:02.309Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_acs:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E137A796-4F14-4BFB-81C5-11A145DDD1F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:secure_access_control_server:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7ACD712D-B8B8-4551-925E-27E541C8001F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet.\"}, {\"lang\": \"es\", \"value\": \"Cisco Secure ACS versiones 3.x anteriores a 3.3 (4) Build 12, Parche 7, versiones 4.0.x, versiones 4.1.x anteriores a 4.1 (4) Build 13, Parche 11 y versiones 4.2.x anteriores a 4.2 (0) Build 124, Parche 4 no maneja apropiadamente un paquete de EAP Response en el que el valor del campo length excede la longitud actual del paquete, lo que permite a los usuarios autenticados remotos causar una denegaci\\u00f3n de servicio (bloqueo del servicio CSRadius y CSAuth) o posiblemente ejecutar c\\u00f3digo arbitrario por medio de un paquete RADIUS dise\\u00f1ado (1) EAP-Response/Identity, (2) EAP-Response/MD5, o (3) EAP-Response/TLS Message Attribute.\"}]",
      "id": "CVE-2008-2441",
      "lastModified": "2024-11-21T00:46:53.480",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2008-09-04T16:41:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/31731\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/4216\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/495937/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/30997\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1020814\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/44871\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/31731\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/4216\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/495937/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/30997\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1020814\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/44871\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}, {\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-2441\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-09-04T16:41:00.000\",\"lastModified\":\"2024-11-21T00:46:53.480\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet.\"},{\"lang\":\"es\",\"value\":\"Cisco Secure ACS versiones 3.x anteriores a 3.3 (4) Build 12, Parche 7, versiones 4.0.x, versiones 4.1.x anteriores a 4.1 (4) Build 13, Parche 11 y versiones 4.2.x anteriores a 4.2 (0) Build 124, Parche 4 no maneja apropiadamente un paquete de EAP Response en el que el valor del campo length excede la longitud actual del paquete, lo que permite a los usuarios autenticados remotos causar una denegaci\u00f3n de servicio (bloqueo del servicio CSRadius y CSAuth) o posiblemente ejecutar c\u00f3digo arbitrario por medio de un paquete RADIUS dise\u00f1ado (1) EAP-Response/Identity, (2) EAP-Response/MD5, o (3) EAP-Response/TLS Message Attribute.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"},{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_acs:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E137A796-4F14-4BFB-81C5-11A145DDD1F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:secure_access_control_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ACD712D-B8B8-4551-925E-27E541C8001F\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/31731\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/4216\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/495937/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/30997\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1020814\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44871\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31731\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/4216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/495937/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/30997\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1020814\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44871\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet. Provided by Cisco Systems Cisco Secure ACS There is a service disruption (DoS) Vulnerabilities and arbitrary code execution vulnerabilities. Also illegal RADIUS (1) EAP-Response/Identity (2) EAP-Response/MD5 (3) EAP-Response/TLS May cause arbitrary code execution.Please refer to the “Overview” for the impact of this vulnerability. Cisco Secure ACS is prone to a denial-of-service vulnerability because it fails to properly validate user-supplied input. An attacker can exploit this issue to crash the CSRadius and CSAuth processes, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed. This vulnerability is documented in Cisco bug ID CSCsq10103. This bug may be triggered if the length field of an EAP-Response packet has a certain big value, greater than the real packet length. Any EAP-Response can trigger this bug: EAP-Response/Identity, EAP-Response/MD5, EAP-Response/TLS... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

For example, the following packet will trigger the vulnerability and crash CSRadius.exe:

0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 2 | 0 | 0xdddd | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 1 | abcd +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Attack Impact:

Denial-of-service and possibly remote arbitrary code execution

Attack Vector:

Have access as a RADIUS client (knowing or guessing the RADIUS shared secret) or from an unauthenticated wireless device if the access point relays malformed EAP frames

Timeline:

2008-05-05 - Vulnerability reported to Cisco
2008-05-05 - Cisco acknowledged the notification
2008-05-05 - PoC sent to Cisco
2008-05-13 - Cisco confirmed the issue
2008-09-03 - Coordinated public release of advisory

Credits:

This vulnerability was discovered by Gabriel Campana and Laurent Butti from France Telecom / Orange .

SOLUTION: Apply patches. Please see the vendor advisory for details.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Cisco Security Response: Cisco Secure ACS Denial Of Service Vulnerability

http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml

Revision 1.0

For Public Release 2008 September 03 1600 UTC (GMT)

Cisco Response

This is the Cisco PSIRT response to the statements made by Laurent Butti and Gabriel Campana of Orange Labs / France Telecom Group, in their advisory: "Cisco Secure ACS EAP Parsing Vulnerability". Because this affects CSAuth all authentication requests via RADIUS or TACACS+ will be affected during exploitation of this vulnerability.

Cisco ACS installations that are configured with AAA Clients to authenticate using TACACS+ only are not affected by this vulnerability.

The RADIUS shared secret and a valid known Network Access Server (NAS) IP address must be known to carry out this exploit.

The Cisco PSIRT team greatly appreciates the opportunity to work with researchers on security vulnerabilities, and we welcome the opportunity to review and assist in product reports. We thank Laurent Butti and Gabriel Campana of Orange Labs / France Telecom Group for reporting this vulnerability to Cisco PSIRT.

Software patches are available for customers with support contracts and should be obtained through their regular support channels. The upgrade to fixed software is not a free upgrade. See Software Versions and Fixes section within this advisory for further information on obtaining fixed software. It is the integration and control layer for managing enterprise network users, administrators, and the resources of the network infrastructure.

Described in RFC2865, RADIUS is a distributed client/server system that secures networks against unauthorized access. In the Cisco implementation, RADIUS clients run on Cisco devices and send authentication requests to a central RADIUS server (Cisco Secure ACS) that contains all user authentication and network service access information.

Described in RFC3748, EAP is an authentication framework that supports multiple authentication methods. Typically, EAP runs directly over data link layers, such as Point-to-Point Protocol (PPP) or IEEE 802, without requiring IP.

A specially crafted RADIUS EAP Message Attribute packet will crash the CSRadius and CSAuth services. An error message will be indicated in the Windows event viewer - System Log indicating "The CSAuth service terminated unexpectedly" and "The CSRadius service terminated unexpectedly". In the Cisco ACS Reports and Activity tab, under ACS Service Monitoring, the logs will indicate CSAuth is not running and attempts to restart.

The CSRadius service handles communication between the service for authentication and authorization (CSAuth service) and the access device requesting the authentication and authorization services for RADIUS. In many cases continued exploitation will prevent network access to devices which first require authentication or authorization via the AAA Server.

Software Versions and Fixes +--------------------------

When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.

+--------------------------------------------------------+ | Affected | First Fixed Release | | Release | | |------------+-------------------------------------------| | 3.X.Y | Release 3.3(4) Build 12 patch 7 or later | |------------+-------------------------------------------| | 4.0.X | Vulnerable; Contact TAC | |------------+-------------------------------------------| | 4.1.X | Release 4.1(4) Build 13 Patch 11 or later | |------------+-------------------------------------------| | 4.2.X | Release 4.2(0) Build 124 Patch 4 or later | +--------------------------------------------------------+

The fixed software for Cisco Secure ACS for Windows (ACS) can be downloaded from: http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

The fixed software for Cisco Secure ACS Solution Engine (ACSE) can be downloaded from: http://www.cisco.com/pcgi-bin/tablebuild.pl/acs-soleng-3des?psrtdcat20e2

The first fixed release files names are indicated below:

+------------------------------------+ | | 4.2 cumulative patch | |----------+-------------------------| | CS ACS | | | for | ACS-4.2.0.124.4-SW.zip | | Windows | | |----------+-------------------------| | CS ACS | | | Solution | applAcs_4.2.0.124.4.zip | | Engine | | +------------------------------------+

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

Revision History

+-------------------------------------------------------------+ | Revision 1.0 | 2008-September-03 | Initial Public Release. | +-------------------------------------------------------------+

Cisco Security Procedures

Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psir -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAki+vfsACgkQ86n/Gc8U/uA10wCff/HycCGi+SD6hm5g82Hi9WD0 X54AnikxZGx5tHDzpdsRfHNqEAb2qATD =kaFk -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200809-0012",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "secure acs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "secure access control server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3"
      },
      {
        "model": "secure access control server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "secure access control server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "secure access control server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure acs",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure acs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "secure acs build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3(1)"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2.2"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2.1"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2(3)"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2(2)"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2(1.20)"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2(1)"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "ciscosecure acs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "ciscosecure acs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "secure acs for windows build pat",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(0)124"
      },
      {
        "model": "secure acs for windows build patc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(4)13"
      },
      {
        "model": "secure acs for windows build patc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3(4)12"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "30997"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002001"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2441"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-049"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:secure_access_control_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_acs:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-2441"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Laurent Butti\u203b laurent.butti@orange-ftgroup.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-049"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-2441",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2008-2441",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-32566",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-2441",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200809-049",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-32566",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32566"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002001"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2441"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-049"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet. Provided by Cisco Systems Cisco Secure ACS There is a service disruption (DoS) Vulnerabilities and arbitrary code execution vulnerabilities. Also illegal RADIUS (1) EAP-Response/Identity (2) EAP-Response/MD5 (3) EAP-Response/TLS May cause arbitrary code execution.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. Cisco Secure ACS  is prone to a denial-of-service vulnerability because it fails to properly validate user-supplied input. \nAn attacker can exploit this issue to crash the CSRadius and CSAuth processes, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed. \nThis vulnerability is documented in Cisco bug ID CSCsq10103. This bug may\nbe triggered if the length field of an EAP-Response packet has a certain\nbig value, greater than the real packet length. Any EAP-Response can\ntrigger this bug: EAP-Response/Identity, EAP-Response/MD5,\nEAP-Response/TLS... \n   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n\n* For example, the following packet will trigger the vulnerability and\ncrash CSRadius.exe:\n\n   0                   1                   2                   3\n   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1\n   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n   |       2       |       0       |            0xdddd             |\n   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n   |       1       |     abcd\n   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n\nAttack Impact:\n--------------\n* Denial-of-service and possibly remote arbitrary code execution\n\nAttack Vector:\n--------------\n* Have access as a RADIUS client (knowing or guessing the RADIUS shared\nsecret) or from an unauthenticated wireless device if the access point\nrelays malformed EAP frames\n\nTimeline:\n---------\n* 2008-05-05 - Vulnerability reported to Cisco\n* 2008-05-05 - Cisco acknowledged the notification\n* 2008-05-05 - PoC sent to Cisco\n* 2008-05-13 - Cisco confirmed the issue\n* 2008-09-03 - Coordinated public release of advisory\n\nCredits:\n--------\n* This vulnerability was discovered by Gabriel Campana and Laurent Butti\nfrom France Telecom / Orange\n. \n\nSOLUTION:\nApply patches. Please see the vendor advisory for details. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nCisco Security Response: Cisco Secure ACS Denial Of Service\n                         Vulnerability\n\nhttp://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml\n\nRevision 1.0\n============\n\nFor Public Release 2008 September 03 1600 UTC (GMT)\n\nCisco Response\n==============\n\nThis is the Cisco PSIRT response to the statements made by Laurent\nButti and Gabriel Campana of Orange Labs / France Telecom Group, in\ntheir advisory: \"Cisco Secure ACS EAP Parsing Vulnerability\". Because this\naffects CSAuth all authentication requests via RADIUS or TACACS+ will\nbe affected during exploitation of this vulnerability. \n\nCisco ACS installations that are configured with AAA Clients to\nauthenticate using TACACS+ only are not affected by this\nvulnerability. \n\nThe RADIUS shared secret and a valid known Network Access Server\n(NAS) IP address must be known to carry out this exploit. \n\nThe Cisco PSIRT team greatly appreciates the opportunity to work with\nresearchers on security vulnerabilities, and we welcome the\nopportunity to review and assist in product reports. We thank Laurent\nButti and Gabriel Campana of Orange Labs / France Telecom Group for\nreporting this vulnerability to Cisco PSIRT. \n\nSoftware patches are available for customers with support contracts\nand should be obtained through their regular support channels. The\nupgrade to fixed software is not a free upgrade. See Software\nVersions and Fixes section within this advisory for further\ninformation on obtaining fixed software. It is\nthe integration and control layer for managing enterprise network\nusers, administrators, and the resources of the network\ninfrastructure. \n\nDescribed in RFC2865, RADIUS is a distributed client/server system\nthat secures networks against unauthorized access. In the Cisco\nimplementation, RADIUS clients run on Cisco devices and send\nauthentication requests to a central RADIUS server \n(Cisco Secure ACS) that contains all user authentication and network\nservice access information. \n\nDescribed in RFC3748, EAP is an authentication framework that\nsupports multiple authentication methods. Typically, EAP runs\ndirectly over data link layers, such as Point-to-Point \nProtocol (PPP) or IEEE 802, without requiring IP. \n\nA specially crafted RADIUS EAP Message Attribute packet will crash\nthe CSRadius and CSAuth services. An error message will be indicated\nin the Windows event viewer - System Log indicating \"The CSAuth\nservice terminated unexpectedly\" and \"The CSRadius service terminated\nunexpectedly\". In the Cisco ACS Reports and Activity tab, under ACS\nService Monitoring, the logs will indicate CSAuth is not running and\nattempts to restart. \n\nThe CSRadius service handles communication between the service for\nauthentication and authorization (CSAuth service) and the access\ndevice requesting the authentication and authorization services for\nRADIUS. In many cases continued exploitation\nwill prevent network access to devices which first require\nauthentication or authorization via the AAA Server. \n\nSoftware Versions and Fixes\n+--------------------------\n\nWhen considering software upgrades, also consult\nhttp://www.cisco.com/go/psirt and any subsequent advisories to\ndetermine exposure and a complete upgrade solution. \n\nIn all cases, customers should exercise caution to be certain the\ndevices to be upgraded contain sufficient memory and that current\nhardware and software configurations will continue to be supported\nproperly by the new release. If the information is not clear, contact\nthe Cisco Technical Assistance Center (TAC) or your contracted\nmaintenance provider for assistance. \n\n+--------------------------------------------------------+\n|  Affected  |   First Fixed Release                     |\n|  Release   |                                           |\n|------------+-------------------------------------------|\n| 3.X.Y      | Release 3.3(4) Build 12 patch 7 or later  |\n|------------+-------------------------------------------|\n| 4.0.X      | Vulnerable; Contact TAC                   |\n|------------+-------------------------------------------|\n| 4.1.X      | Release 4.1(4) Build 13 Patch 11 or later |\n|------------+-------------------------------------------|\n| 4.2.X      | Release 4.2(0) Build 124 Patch 4 or later |\n+--------------------------------------------------------+\n\nThe fixed software for Cisco Secure ACS for Windows (ACS) can be\ndownloaded from:\nhttp://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des\n\nThe fixed software for Cisco Secure ACS Solution Engine (ACSE) can be\ndownloaded from:\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/acs-soleng-3des?psrtdcat20e2\n\nThe first fixed release files names are indicated below:\n\n+-----------------------------------------------------------+\n|          |  3.x cumulative patch |  4.1 cumulative patch  |\n|----------+-----------------------+------------------------+\n| CS ACS   |                       |                        |\n| for      | Acs-3.3.4.12.7-SW.zip | Acs-4.1.4.13.11-SW.zip |\n| Windows  |                       |                        |\n|----------+-----------------------+------------------------+\n| CS ACS   |                       |                        |\n| Solution | applAcs-3.3.4.12.7.zip| applAcs_4.1.4.13.11.zip|\n| Engine   |                       |                        |\n+-----------------------------------------------------------+\n\n+------------------------------------+\n|          |  4.2 cumulative patch   |\n|----------+-------------------------|\n| CS ACS   |                         |\n| for      | ACS-4.2.0.124.4-SW.zip  |\n| Windows  |                         |\n|----------+-------------------------|\n| CS ACS   |                         |\n| Solution | applAcs_4.2.0.124.4.zip |\n| Engine   |                         |\n+------------------------------------+\n\n\nTHIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY\nKIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\nDOCUMENT AT ANY TIME. \n\nRevision History\n================\n\n+-------------------------------------------------------------+\n| Revision 1.0 | 2008-September-03 | Initial Public  Release. | \n+-------------------------------------------------------------+\n\nCisco Security Procedures\n=========================\n\nComplete information on reporting security vulnerabilities in Cisco\nproducts, obtaining assistance with security incidents, and\nregistering to receive security information from Cisco, is available\non Cisco\u0027s worldwide website at\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html \nThis includes instructions for press inquiries regarding Cisco\nsecurity notices.  All Cisco security advisories are available at\nhttp://www.cisco.com/go/psir\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.8 (Darwin)\n\niEYEARECAAYFAki+vfsACgkQ86n/Gc8U/uA10wCff/HycCGi+SD6hm5g82Hi9WD0\nX54AnikxZGx5tHDzpdsRfHNqEAb2qATD\n=kaFk\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-2441"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002001"
      },
      {
        "db": "BID",
        "id": "30997"
      },
      {
        "db": "VULHUB",
        "id": "VHN-32566"
      },
      {
        "db": "PACKETSTORM",
        "id": "69602"
      },
      {
        "db": "PACKETSTORM",
        "id": "69655"
      },
      {
        "db": "PACKETSTORM",
        "id": "69603"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-32566",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32566"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-2441",
        "trust": 3.0
      },
      {
        "db": "SREASON",
        "id": "4216",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1020814",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "30997",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "31731",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002001",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20080903 CISCO SECURE ACS EAP PARSING VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20080903 CISCO SECURITY RESPONSE: CISCO SECURE ACS DENIAL OF SERVICE VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-049",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "69602",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "69603",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-32566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "69655",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32566"
      },
      {
        "db": "BID",
        "id": "30997"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002001"
      },
      {
        "db": "PACKETSTORM",
        "id": "69602"
      },
      {
        "db": "PACKETSTORM",
        "id": "69655"
      },
      {
        "db": "PACKETSTORM",
        "id": "69603"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2441"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-049"
      }
    ]
  },
  "id": "VAR-200809-0012",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32566"
      }
    ],
    "trust": 0.427272725
  },
  "last_update_date": "2023-12-18T13:44:58.693000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sr-20080903-csacs",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002001"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-noinfo",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32566"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002001"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2441"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1020814"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/4216"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/30997"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/31731"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2441"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2441"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/495937/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/495952"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/495937"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2441"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/10635/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/31731/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4206/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/679/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2008-09/0033.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13658/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/go/psirt"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/go/psir"
      },
      {
        "trust": 0.1,
        "url": "http://www.securityfocus.com/archive/1/495937/30/0/threaded"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/acs-soleng-3des?psrtdcat20e2"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32566"
      },
      {
        "db": "BID",
        "id": "30997"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002001"
      },
      {
        "db": "PACKETSTORM",
        "id": "69602"
      },
      {
        "db": "PACKETSTORM",
        "id": "69655"
      },
      {
        "db": "PACKETSTORM",
        "id": "69603"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2441"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-049"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-32566"
      },
      {
        "db": "BID",
        "id": "30997"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002001"
      },
      {
        "db": "PACKETSTORM",
        "id": "69602"
      },
      {
        "db": "PACKETSTORM",
        "id": "69655"
      },
      {
        "db": "PACKETSTORM",
        "id": "69603"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2441"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-049"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-32566"
      },
      {
        "date": "2008-09-03T00:00:00",
        "db": "BID",
        "id": "30997"
      },
      {
        "date": "2008-12-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002001"
      },
      {
        "date": "2008-09-03T21:30:13",
        "db": "PACKETSTORM",
        "id": "69602"
      },
      {
        "date": "2008-09-05T15:36:36",
        "db": "PACKETSTORM",
        "id": "69655"
      },
      {
        "date": "2008-09-03T21:31:51",
        "db": "PACKETSTORM",
        "id": "69603"
      },
      {
        "date": "2008-09-04T16:41:00",
        "db": "NVD",
        "id": "CVE-2008-2441"
      },
      {
        "date": "2008-09-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200809-049"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-32566"
      },
      {
        "date": "2008-09-03T19:45:00",
        "db": "BID",
        "id": "30997"
      },
      {
        "date": "2008-12-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002001"
      },
      {
        "date": "2018-10-11T20:41:38.677000",
        "db": "NVD",
        "id": "CVE-2008-2441"
      },
      {
        "date": "2009-01-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200809-049"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "69602"
      },
      {
        "db": "PACKETSTORM",
        "id": "69603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-049"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Secure ACS In  EAP-Response Packet processing vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002001"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-049"
      }
    ],
    "trust": 0.6
  }
}

gsd-2008-2441

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2008-2441

Aliases

CVE-2008-2441

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-2441",
    "description": "Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet.",
    "id": "GSD-2008-2441"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-2441"
      ],
      "details": "Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet.",
      "id": "GSD-2008-2441",
      "modified": "2023-12-13T01:23:00.587388Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-2441",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1020814",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1020814"
          },
          {
            "name": "20080903 Cisco Security Response: Cisco Secure ACS Denial Of Service Vulnerability",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"
          },
          {
            "name": "31731",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31731"
          },
          {
            "name": "4216",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/4216"
          },
          {
            "name": "20080903 Cisco Secure ACS EAP Parsing Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded"
          },
          {
            "name": "30997",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/30997"
          },
          {
            "name": "cisco-sacs-eap-dos(44871)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:secure_access_control_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_acs:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2441"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                },
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080903 Cisco Security Response: Cisco Secure ACS Denial Of Service Vulnerability",
              "refsource": "CISCO",
              "tags": [],
              "url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"
            },
            {
              "name": "1020814",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1020814"
            },
            {
              "name": "4216",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/4216"
            },
            {
              "name": "30997",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/30997"
            },
            {
              "name": "31731",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31731"
            },
            {
              "name": "cisco-sacs-eap-dos(44871)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871"
            },
            {
              "name": "20080903 Cisco Secure ACS EAP Parsing Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-11T20:41Z",
      "publishedDate": "2008-09-04T16:41Z"
    }
  }
}

cve-2008-2441

Vulnerability from fkie_nvd

Published

2008-09-04 16:41

Modified

2024-11-21 00:46

Severity ?

Summary

References

▼	URL	Tags
	cve@mitre.org	http://secunia.com/advisories/31731
	cve@mitre.org	http://securityreason.com/securityalert/4216
	cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml
	cve@mitre.org	http://www.securityfocus.com/archive/1/495937/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/bid/30997
	cve@mitre.org	http://www.securitytracker.com/id?1020814
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/44871
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31731
	af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/4216
	af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/495937/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30997
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020814
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/44871

Impacted products

	Vendor	Product	Version
	cisco	secure_acs	*
	cisco	secure_access_control_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:secure_acs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E137A796-4F14-4BFB-81C5-11A145DDD1F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:secure_access_control_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ACD712D-B8B8-4551-925E-27E541C8001F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet."
    },
    {
      "lang": "es",
      "value": "Cisco Secure ACS versiones 3.x anteriores a 3.3 (4) Build 12, Parche 7, versiones 4.0.x, versiones 4.1.x anteriores a 4.1 (4) Build 13, Parche 11 y versiones 4.2.x anteriores a 4.2 (0) Build 124, Parche 4 no maneja apropiadamente un paquete de EAP Response en el que el valor del campo length excede la longitud actual del paquete, lo que permite a los usuarios autenticados remotos causar una denegaci\u00f3n de servicio (bloqueo del servicio CSRadius y CSAuth) o posiblemente ejecutar c\u00f3digo arbitrario por medio de un paquete RADIUS dise\u00f1ado (1) EAP-Response/Identity, (2) EAP-Response/MD5, o (3) EAP-Response/TLS Message Attribute."
    }
  ],
  "id": "CVE-2008-2441",
  "lastModified": "2024-11-21T00:46:53.480",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-09-04T16:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31731"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4216"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/30997"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020814"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30997"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-m2jf-55j5-5wxj

Vulnerability from github

Published

2022-05-01 23:50

Modified

2022-05-01 23:50

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-2441"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-09-04T16:41:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet.",
  "id": "GHSA-m2jf-55j5-5wxj",
  "modified": "2022-05-01T23:50:02Z",
  "published": "2022-05-01T23:50:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2441"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31731"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/4216"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30997"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020814"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2008-2441

Vulnerability from cvelistv5

var-200809-0012

Vulnerability from variot

Attack Impact:

Attack Vector:

Timeline:

Credits:

Revision 1.0

Cisco Response

Revision History

Cisco Security Procedures

gsd-2008-2441

Vulnerability from gsd

cve-2008-2441

Vulnerability from fkie_nvd

ghsa-m2jf-55j5-5wxj

Vulnerability from github

Tags

Sightings

Nomenclature