Intrusion Prevention

Cisco.ACS.UCP.CGI.Pre.Authentication.Buffer.Overflow

Description

This indicates an attempt to exploit a buffer-overflow vulnerability in Cisco Secure Access Control Server (ACS) for Windows.
The vulnerability is in the User-Changeable Password (UCP) application, a set of CGI programs and web site contents installed on Microsoft IIS. The CGI program "CSUserCGI.exe" is vulnerable to multiple buffer overflows that occur
before the authentication process. A remote attacker can exploit these to gain control of vulnerable systems.

Affected Products

Cisco ACS UCP versions older than 4.2.

Impact

System Compromise: remote attackers can gain control of vulnerable systems.

Recommended Actions

Update to Cisco ACS UCP version 4.2. See the Cisco Advisory for information on how to obtain updated software at the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20080312-ucp.shtml

CVE References

CVE-2008-0532