CVE-2006-4097 Information

Description

Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.

Reference

http://osvdb.org/36125 http://secunia.com/advisories/23629 http://securitytracker.com/id?1017475 http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml http://www.kb.cert.org/vuls/id/443108 http://www.securityfocus.com/bid/21900 http://www.vupen.com/english/advisories/2007/0068 https://exchange.xforce.ibmcloud.com/vulnerabilities/31334