Denial of Service Vulnerabilities in Cisco Secure Access Control Server
CVE-2006-4097

Currently unrated

Key Information:

Vendor: Cisco
CVE Published: 31 December 2006

Summary

The Cisco Secure Access Control Server is subject to multiple vulnerabilities affecting its CSRadius service. These flaws allow remote attackers to send crafted RADIUS Access-Request packets that can cause a denial of service through system crashes. The reported issues include at least one heap-based buffer overflow that can be triggered via the Tunnel-Password attribute, compromising the stability and availability of the service.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
