Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability

["Eloy A. Paris" <elparis@xxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Response
==============

This is the Cisco Product Security Incident Response Team (PSIRT)'s
response to the statements made by Oleg Tipisov in his message with
subject "Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
posted to Bugtraq on 2005-Dec-21. An archived version of this message
can be found here:

http://www.securityfocus.com/archive/1/420020

Cisco confirms the statements made by Mr. Tipisov, and has published a
Field Notice to document the vulnerability and provide solutions and
workarounds.

The Field Notice can be found at the following location:

Field Notice: FN - 61965 - CS ACS for Windows Downloadable IP Access
Control List Vulnerability

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml

We greatly appreciate the opportunity to work with researchers on
security vulnerabilities, and welcome the opportunity to review and
assist in product reports.

Best regards,

- -- 

Eloy Paris
Product Security Incident Response Team (PSIRT)
Cisco Systems, Inc.
Ph: +1 919 392-9118
Cell: +1 919 349-2990
Pager: (888) 347-7178

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDtZhkagjTfAtNY9gRAqhTAKCZ2HRGCLXu86ng/jJa3uaynVNQTACglVDA
JuYN8eOPy9HdQct1yR86GWY=
=swKK
-----END PGP SIGNATURE-----