CVE-2006-4097

Name of the Vulnerable Software and Affected Versions Cisco Secure Access Control Server (ACS) for Windows versions prior to 4.1 Cisco Secure Access Control Server (ACS) Solution Engine versions prior to 4.1

Description The issue involves multiple unspecified vulnerabilities in the CSRadius service, allowing remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. It has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.

Recommendations For Cisco Secure Access Control Server (ACS) for Windows versions prior to 4.1, update to version 4.1 or later. For Cisco Secure Access Control Server (ACS) Solution Engine versions prior to 4.1, update to version 4.1 or later.