[41951] in bugtraq
Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability
daemon@ATHENA.MIT.EDU (Eloy A. Paris)
Wed Jan 4 23:56:18 2006
Date: Fri, 30 Dec 2005 15:28:21 -0500
From: "Eloy A. Paris" <elparis@cisco.com>
To: bugtraq@securityfocus.com
Cc: psirt@cisco.com
Message-ID: <20051230202821.GK2382@pumpin>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; x-action=pgp-signed
Content-Disposition: inline
In-Reply-To: <20051221172710.23949.qmail@securityfocus.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Response
==============
This is the Cisco Product Security Incident Response Team (PSIRT)'s
response to the statements made by Oleg Tipisov in his message with
subject "Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
posted to Bugtraq on 2005-Dec-21. An archived version of this message
can be found here:
http://www.securityfocus.com/archive/1/420020
Cisco confirms the statements made by Mr. Tipisov, and has published a
Field Notice to document the vulnerability and provide solutions and
workarounds.
The Field Notice can be found at the following location:
Field Notice: FN - 61965 - CS ACS for Windows Downloadable IP Access
Control List Vulnerability
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml
We greatly appreciate the opportunity to work with researchers on
security vulnerabilities, and welcome the opportunity to review and
assist in product reports.
Best regards,
- --
Eloy Paris
Product Security Incident Response Team (PSIRT)
Cisco Systems, Inc.
Ph: +1 919 392-9118
Cell: +1 919 349-2990
Pager: (888) 347-7178
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDtZhkagjTfAtNY9gRAqhTAKCZ2HRGCLXu86ng/jJa3uaynVNQTACglVDA
JuYN8eOPy9HdQct1yR86GWY=
=swKK
-----END PGP SIGNATURE-----
