Cisco reports access control server flaws
Hackers could exploit the vulnerabilities to launch DOS attacks and bypass user authentication on the servers.
Marguerite Reardon Former senior reporter
Marguerite Reardon started as a CNET News reporter in 2004, covering cellphone services, broadband, citywide Wi-Fi, the Net neutrality debate and the consolidation of the phone companies.
Cisco on Wednesday posted an advisory warning about four vulnerabilities in its Secure Access Control Server (ACS). The first flaw causes the Web interface of the ACS to stop answering requests when it's flooded with TCP connections. The second error crashes systems using Cisco's remote access authentication protocol, called light extensible authentication protocol. The third vulnerability is related to an error in the handling of traffic using Novell directory services. And the fourth problem occurs when hackers spoof IP addresses to match an authenticated user's address to gain access to the Web-based graphical user interface of the ACS.
Versions affected by these vulnerabilities include 3.2, 3.2 (2) and 3.2 (3). Details of the warning and patches to fix the problems are available on Cisco's Web site.