Cisco flaw touches Windows servers

By Patrick Gray
Special to CNET News.com

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

Related Stories: Cisco's fix for flaw runs into problems
June 27, 2002; Flaws in common software threaten Net
February 12, 2002; Cisco bug could let hackers control Net traffic
June 29, 2001

A potentially critical vulnerability has been found in Cisco Systems' Secure Access Control Server for Windows servers, which is used to control devices such as routers in large networks.

The buffer overflow glitch may allow an attacker to seize control of the Cisco service when it's running on Windows, according to Cisco. The Unix variant is not affected. Exploitation of the flaw could result in a malicious hacker gaining full control of a target company's security infrastructure, leaving it completely exposed.

"Exploitation of this vulnerability results in a denial of service and can potentially result in system administrator access. Cisco is providing repaired software, and customers are recommended to install patches or upgrade at their earliest opportunity," Cisco said in an advisory released Wednesday. The advisory contains patches for fixing the bug.

The ACS system is used to control routers, firewalls, virtual private networks, voice over IP systems and wireless networks, as well as to provide access policies to users.

An exploit for the vulnerability is not known to be circulating, and ACS servers are usually deployed on network segments with limited physical access.

The flaw was found by researchers at NSFocus Information Technology. The China-based company released an advisory of its own on Thursday.

Administrators of ACS systems block TCP port 2002 until they can deploy Cisco's fix.

ZDNet Australia's Patrick Gray reported from Sydney.

Latest tech news headlines

CEA: Economy down, TV sales up?
Posted in Crave by Leslie Katz

October 7, 2008 6:25 PM PDT
Click-to-buy links for songs, games added to YouTube
Posted in News - Digital Media by Jennifer Guevin

October 7, 2008 5:57 PM PDT
No escape from the perfect financial storm
Posted in Outside the Lines by Dan Farber

October 7, 2008 5:29 PM PDT
See all headlines

Resource center from News.com sponsors

You Need The Speed of Norton 2009

Introducing Norton Internet Security™2009

With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
Tech stocks tumble for a second straight day
The Dow Jones industrial average takes another wild ride, marking a second consecutive day it has ended the session below 10,000.
Gallery
Photos: Messenger returns to Mercury
Crave
CEA: Economy down, TV sales up?
Sales in flat-panel TVs and game hardware should do fine during the upcoming holidays, the Consumer Electronics Association says.
Outside the Lines
No escape from the perfect financial storm
After this perfect storm, brewed out of years of habit and taken down by mortgages for the masses, consumers and businesses will be far more conservative in their spending habits.
Video
Mercury exposed
News - Digital Media
Click-to-buy links for songs, games added to YouTube
YouTube is adding links to Amazon.com and the iTunes Store from the pages of thousands of its videos, making it easier for people to buy an MP3 they hear or a video game that looks good.
Video
DIY political ads proliferate
News - Politics and Law
CBS live Webcast: Presidential debate, round two
Continuing our coverage of Election 2008, CBS News and CNET are presenting a live Webcast of Tuesday's presidential debate, followed by Web-only analysis and commentary.
News - Cutting Edge
Astronaut training awaits Esther Dyson
The tech pundit and investor is girding for six months of training at Russia's Star City, as an understudy to International Space Station-bound Charles Simonyi.
Gallery
Photos: Top 10 reviews of the week
Crave
HTC Touch HD won't be coming to the U.S.
HTC announces that it will not bring the Touch HD smartphone to the United States.
Green Tech
Army plans 500-megawatt solar thermal farm
A new Army energy strategy includes plans for what could become the world's largest solar thermal farm, as well as geothermal and biomass-to-fuel projects.