Reported April 23, 2003, by Cisco Systems
Cisco Secure ACS 3.1.1, 3.0.3, 2.6.4, and earlier
Cisco Secure ACS for Windows contains a buffer overflow condition that can permit a Denial of Service (DoS) attack and a root compromise. The problem appears to occur during the software's handling of logon sequences.
Cisco recommends that customers either upgrade to repaired versions of Cisco Secure ACS or install Cisco Secure ACS so that external access to its management interfaces is blocked entirely or restricted. Users who want to restrict access to the management interfaces need to block access to ACS on port 2002.
Discovered by NSFocus.