CVE-2006-4097

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Access Control Server
Vendor: CVE Published:; 31 December 2006

Summary

Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/31334

vdb-entryx_refsource_XF

http://secunia.com/advisories/23629

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/21900

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Dec 31, 2006
Vulnerability Reserved
Aug 14, 2006