Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7232

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-7232
Last Modified 16 Sep 2009 12:00:00
Published 14 Sep 2009 10:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-7232

Summary

Buffer overflow in the report function in xtacacsd 4.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted CONNECT TACACS command.

Vulnerable Systems

Application

  • Netplex-tech Xtacacsd 2.0

  • Netplex-tech Xtacacsd 3.0

  • Netplex-tech Xtacacsd 3.1

  • Netplex-tech Xtacacsd 3.2

  • Netplex-tech Xtacacsd 3.3

  • Netplex-tech Xtacacsd 3.4

  • Netplex-tech Xtacacsd 3.5

  • Netplex-tech Xtacacsd 4.0

  • Netplex-tech Xtacacsd 4.1

  • Netplex-tech Xtacacsd 4.1.1

  • Netplex-tech Xtacacsd 4.1.2


References

XF - xtacacasd-report-bo(39551)

MISC - http://aluigi.org/poc/xtacacsdz.zip

MISC - http://aluigi.altervista.org/adv/xtacacsdz-adv.txt


Last Updated: 27 May 2016 10:49:31