Subject: Re: An Analysis of the TACACS+ Protocol and its Implementations
From: Damir Rajnovic (drajnoviCISCO.COM)
Date: Tue May 30 2000 - 06:16:55 CDT


-----BEGIN PGP SIGNED MESSAGE-----

Hello,

We acknowledge that a buffer overflow mentioned in the analysis by
Solar Designer is indeed present in an unsupported free version
of TACACS+ server (officially it is a "developer's kit" and can be
found at http://cco/kobayashi/sw-center/access/tacacs-plus.html).
However, since that software is unsupported Cisco will not patch it.
One can integrate the patch mentioned in Solar Designer's analysis,
but Cisco will not be liable for any damage that it may cause.
The unsupported patch can be found at
http://www.openwall.com/advisories/

The above site and all its contents are not endorsed by Cisco in
any way and we are declining any liability for any damage that may
be caused by acting upon information presented on it. This link is
included for completeness and convenience only.

Our commercial offerings CiscoSecure for Unix and NT are not
vulnerable to the described overflow. If an oversize TACACS+ packet
is sent to an IOS client, IOS will report an error as mentioned in
the analysis and reject that packet. The device will continue to
function normally and no service disruption will occur.

In order to utilize other TACACS+ protocol shortcomings as described
in the brilliant analysis by Solar Designer, a culprit must have
access to the path between the TACACS+ client and the server.

We would like to thank Solar Designer for sharing this analysis with
us first and allowing us ample time to review our commercial products.

Regards,

Gaus

==============
Damir Rajnovic <psirtcisco.com>, PSIRT Incident Manager, Cisco
Systems
<http://www.cisco.com/warp/public/707/sec_incident_response.shtml>
Phone: +44 7715 546 033
4 The Square, Stockley Park, Uxbridge, MIDDLESEX UB11 1BN, GB
==============
There is no insolvable problems. Question remains: can you
accept the solution?
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0.2i

-----END PGP SIGNATURE-----