| TC: | 11005 |
|---|---|
| Description: | You can crash these servers by sending ICMP unreachable messages to them. |
| TC Impact: | Denial of Service |
| Service: | tacacs |
| Vulnerability Publication: | Unknown |
| Advisory Copyright: | Unknown |
| Summary: | Xtacacs is used to manage authorizations for remote access devices. Due to a programming error, it can be disabled remotely. |
| Risk: | High |
| CVSS 2.0 metrics: | Access Vector: Network; Access Complexity: Low; Authentication: None; Confidentiality Impact: None; Integrity Impact: None; Availability Impact: Complete |
| CVSS 2.0 Base Score: | 7.8 |
| Vulnerability Impact: | Denial of Service |
| Host Impact: | Denial of service for remote access users. |
| Nature of Remediation: | Update the software. |
| Step required to fix the reported vulnerability: | Solution type: Upgrade Software. URL http://www.cisco.com/warp/public/732/Security/622_pp.htm considers tacacs and xtacacs obsolete. No further development is being carried out, and customers are urged to switch to other authentication protocols. However, the author of this xtacacs server has a version fixing this issue. |
| References: | MISC: Reported on Bugtraq http://www.securityfocus.com/archive/1/8277<br>MISC: Latest version available at: http://www.netplex-tech.com/software/xtacacsd/<br>MISC: http://insecure.org/sploits/xtacacs.server.dos.html |
| CVE Link: | GENERIC-MAP-NOMATCH |
| Glossary: | Denial of Service, DoS, ICMP |