PT-2008-3907 · Cisco · Cisco Secure Acs

Gabriel Campana +1

Published 2008-09-04 · Updated 2018-10-11

CVE-2008-2441

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Cisco Secure ACS versions 3.x through 3.3(4) Build 12 patch 6
Cisco Secure ACS versions 4.0.x
Cisco Secure ACS versions 4.1.x through 4.1(4) Build 13 Patch 10
Cisco Secure ACS versions 4.2.x through 4.2(0) Build 123 Patch 3
Description: The issue arises from improper handling of an EAP Response packet whose length field claims more bytes than the packet actually contains. Remote authenticated users can exploit this to cause a denial of service (crash of the CSRadius and CSAuth services) or potentially execute arbitrary code. The trigger is a crafted RADIUS packet carrying an EAP-Response/Identity, EAP-Response/MD5, or EAP-Response/TLS message in the EAP-Message attribute.
Recommendations:
Cisco Secure ACS versions 3.x through 3.3(4) Build 12 patch 6: update to version 3.3(4) Build 12 patch 7 or later.
Cisco Secure ACS versions 4.0.x: update to a version outside of the 4.0.x range, as no specific fix is mentioned within this range.
Cisco Secure ACS versions 4.1.x through 4.1(4) Build 13 Patch 10: update to version 4.1(4) Build 13 Patch 11 or later.
Cisco Secure ACS versions 4.2.x through 4.2(0) Build 123 Patch 3: update to version 4.2(0) Build 124 Patch 4 or later.
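The defect described above is a missing consistency check between the 16-bit EAP length field and the number of bytes actually received. The following parser is an added example written for this page; it is not Cisco's code and not part of the advisory. It reassembles EAP-Message attributes (RADIUS type 79) from a RADIUS attribute list, then refuses any EAP-Response whose length field overstates the frame before the type-data is touched. All packets here are constructed fixtures; the helper names (extract_eap_message, parse_eap_response, build_eap_response, wrap_in_radius_attrs, accepts) are this example's own.

```python
import struct
from typing import Optional

# RADIUS attribute type for EAP-Message (RFC 3579); EAP framing per RFC 3748.
RADIUS_ATTR_EAP_MESSAGE = 79
EAP_CODE_RESPONSE = 2
EAP_TYPE_IDENTITY = 1
EAP_TYPE_MD5_CHALLENGE = 4
EAP_TYPE_TLS = 13
EAP_HEADER_LEN = 4  # code (1), identifier (1), length (2, covers the whole frame)


class EapParseError(ValueError):
    """Raised for any framing inconsistency; the caller should drop the packet."""


def extract_eap_message(attrs: bytes) -> bytes:
    """Concatenate every EAP-Message attribute found in a RADIUS attribute list.

    RADIUS attributes are TLVs: type (1 byte), length (1 byte, includes the
    2-byte header), value. EAP frames longer than 253 bytes are split across
    several EAP-Message attributes and must be reassembled in order.
    """
    parts = bytearray()
    offset = 0
    while offset < len(attrs):
        if len(attrs) - offset < 2:
            raise EapParseError("truncated RADIUS attribute header")
        attr_type, attr_len = attrs[offset], attrs[offset + 1]
        if attr_len < 2 or offset + attr_len > len(attrs):
            raise EapParseError(f"RADIUS attribute length {attr_len} runs past the packet")
        if attr_type == RADIUS_ATTR_EAP_MESSAGE:
            parts += attrs[offset + 2:offset + attr_len]
        offset += attr_len
    return bytes(parts)


def parse_eap_response(eap: bytes) -> dict:
    """Validate an EAP-Response frame before interpreting its type-data.

    The check at the heart of this advisory: the length field must not claim
    more bytes than were actually received.
    """
    if len(eap) < EAP_HEADER_LEN:
        raise EapParseError("EAP frame shorter than its 4-byte header")
    code, identifier, length = struct.unpack("!BBH", eap[:EAP_HEADER_LEN])
    if length < EAP_HEADER_LEN:
        raise EapParseError(f"EAP length {length} is smaller than the header")
    if length > len(eap):
        # Trusting `length` here is what lets a reader run off the end of the buffer.
        raise EapParseError(f"EAP length field {length} exceeds the {len(eap)} bytes received")
    if code != EAP_CODE_RESPONSE:
        raise EapParseError(f"expected EAP Response (code 2), got code {code}")
    if length < EAP_HEADER_LEN + 1:
        raise EapParseError("EAP Response carries no Type byte")
    eap_type = eap[EAP_HEADER_LEN]
    # Slice by the validated length so trailing padding is ignored, never over-read.
    type_data = eap[EAP_HEADER_LEN + 1:length]
    return {"identifier": identifier, "type": eap_type, "type_data": type_data}


def build_eap_response(identifier: int, eap_type: int, type_data: bytes,
                       claimed_length: Optional[int] = None) -> bytes:
    """Build an EAP-Response frame (constructed fixture, not a captured packet).

    `claimed_length` lets a test write a deliberately wrong value into the length field.
    """
    real_length = EAP_HEADER_LEN + 1 + len(type_data)
    length = real_length if claimed_length is None else claimed_length
    return struct.pack("!BBH", EAP_CODE_RESPONSE, identifier, length) + bytes([eap_type]) + type_data


def wrap_in_radius_attrs(eap: bytes, chunk: int = 253) -> bytes:
    """Split an EAP frame into EAP-Message attributes the way a RADIUS client does."""
    out = bytearray()
    for i in range(0, len(eap), chunk):
        piece = eap[i:i + chunk]
        out += bytes([RADIUS_ATTR_EAP_MESSAGE, 2 + len(piece)]) + piece
    return bytes(out)


# Constructed samples: a well-formed Identity response, a TLS response that
# spans three EAP-Message attributes, and an MD5 response whose length field
# (0x0400) overstates a 22-byte frame.
GOOD_ATTRS = wrap_in_radius_attrs(build_eap_response(1, EAP_TYPE_IDENTITY, b"alice"))
FRAGMENTED_ATTRS = wrap_in_radius_attrs(build_eap_response(2, EAP_TYPE_TLS, b"\x00" * 600))
OVERSTATED_ATTRS = wrap_in_radius_attrs(
    build_eap_response(3, EAP_TYPE_MD5_CHALLENGE, b"\x10" + b"\xaa" * 16, claimed_length=0x0400))


def accepts(attrs: bytes) -> bool:
    """True if the reassembled EAP-Message passes validation, False if it must be dropped."""
    try:
        parse_eap_response(extract_eap_message(attrs))
        return True
    except EapParseError:
        return False


if __name__ == "__main__":
    for name, attrs in [("good", GOOD_ATTRS), ("fragmented", FRAGMENTED_ATTRS),
                        ("overstated", OVERSTATED_ATTRS)]:
        print(name, "accepted" if accepts(attrs) else "rejected")
```

The order of checks matters: the length field is compared against the reassembled byte count before the code, type or type-data are examined, so a frame that overstates its length is rejected without any read beyond the received buffer. A RADIUS attribute that is itself truncated is caught one layer earlier, in extract_eap_message.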

Fix


Weakness Enumeration

Related identifiers

CVE-2008-2441

Affected products

Cisco Secure Acs