Cisco reports access control server flaws

By Marguerite Reardon
Staff Writer, CNET News

Cisco on Wednesday posted an advisory warning about four vulnerabilities in its Secure Access Control Server (ACS). The first flaw causes the Web interface of the ACS to stop answering requests when it's flooded with TCP connections. The second error crashes systems using Cisco's remote access authentication protocol, called light extensible authentication protocol. The third vulnerability is related to an error in the handling of traffic using Novell directory services. And the fourth problem occurs when hackers spoof IP addresses to match an authenticated user's address to gain access to the Web-based graphical user interface of the ACS.

Versions affected by these vulnerabilities include 3.2, 3.2 (2) and 3.2 (3). Details of the warning and patches to fix the problems are available on Cisco's Web site.

Latest tech news headlines

The $199 tablet according to Freescale
Posted in Nanotech - The Circuits Blog by Brooke Crothers

January 3, 2010 9:30 PM PST
Bono risks becoming next Lars Ulrich
Posted in Media Maverick by Greg Sandoval

January 3, 2010 4:40 PM PST
Dell laptop using Intel Core i3
Posted in Nanotech - The Circuits Blog by Brooke Crothers

January 3, 2010 3:10 PM PST
See all headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets: Market news, charts, SEC filings, and more; Related quotes; Cisco Systems (0.00%) 0.00 23.94; Dow Jones Industrials (0.00%) 0.00 10,428.05; S&P 500 (0.00%) 0.00 1,115.10; NASDAQ (0.00%) 0.00 2,269.15; CNET TECH (0.00%) 0.00 1,646.41

Inside CNET News

Scroll Left Scroll Right

Nanotech - The Circuits Blog
The $199 tablet according to Freescale
Freescale Semiconductor will show off a tablet design that integrates its version of the power-efficient ARM processor at the Consumer Electronics Show.
Gallery
En route to GPS-based air traffic control (images)
Technically Incorrect
Apple pulls iPhone app that upset Hollywood
An app that features a less than entirely honest Hollywood wheeler-dealer has been removed from Apple's App Store after a complaint from a super agent.
Beyond Binary
Visual Studio launch delayed by 'a few weeks'
Microsoft says it's still working to resolve some performance issues related to the Visual Studio 2010 developer tool suite, which was slated for a March release.
Video
Deep-sea volcanic explosion--part 2 (video)
Digital Media
China arrests thousands in Web porn crackdown
The Chinese government says it arrested more than 5,000 people in 2009 in an effort to crack down on Web porn use, according to Reuters.
Video
Deep-sea volcanic explosion--part 1 (video)
The Social
For eBay sellers, a holiday hamster hangover
The gift frenzy over Zhu Zhu Pets leaves some power sellers feeling like they've just run a marathon--but the steep price tags driven by scarcity lead to some impressive profits.
Cutting Edge
NASA's next frontier: Venus, the moon, or an asteroid
Agency selects three finalists in a competition to help determine where to focus its attention to get the most scientific value out of research into our solar system.
Gallery
NASA trains WISE eye on the sky (photos)
Crave
Samsung finally makes NX10 official
Samsung's debut of its interchangeable lens, somewhat compact camera pits a larger, APS-C-size sensor, but with a proprietary Samsung NX lens mount against Olympus and Panasonic's smaller Four Thirds sensor combined with its standard Micro Four Thirds len
Green Tech
Green-tech venture investing cools off in 2009
Green tech is still attracting billions of dollars a year, but the amount of money has shrunk significantly as investors began to focus on start-ups with the most potential.