[an error occurred while processing this directive]

Authentication Protocols

Cisco Security Notice: Response to BugTraq - TACACS+ Vulnerability

Document ID: 59744

Revision 1.0

Last Updated 2000 May 30


Cisco Security Procedures


This document is provided to simplify access to Cisco responses to possible product security vulnerability issues posted in public forums for Cisco customers. This does not imply that Cisco perceives each of these issues as an actual product security vulnerability. This notice is provided on an "as is" basis and does not imply any kind of guarantee or warranty. Your use of the information on the page or materials linked from this page are at your own risk. Cisco reserves the right to change or update this page without notice at any time.


Original Report: http://www.openwall.com/advisories/OW-001-tac_plus.txt leavingcisco.com. Cisco responded with the following, which is also archived at http://www.securityfocus.com/archive/1/62745 leavingcisco.com.

To:  BugTraq 
Subject:  Re: An Analysis of the TACACS+ Protocol and its Implementations 
Date:  May 30 2000 1:16PM 
Author:  Damir Rajnovic <drajnovi cisco com> 
Message-ID:  <> 
In-Reply-To:  <200005301059.OAA05030@false.com> 


We acknowledge that a buffer overflow mentioned in the analysis by
Solar Designer is indeed present in an unsupported free version
of TACACS+ server (officially it is a "developer's kit" and can be
found at http://cco/kobayashi/sw-center/access/tacacs-plus.html)
However, since that software is unsupported Cisco will not patch it.
One can integrate the patch mentioned in Solar Designer's analysis,
but Cisco will not be liable for any damage that it may cause.
The unsupported patch can be found at

The above site and all its contents are not endorsed by Cisco in
any way and we are declining any liability for a damage that may
be caused if acted upon information presented on it. This link is
included for completeness and convenience only.

Our commercial offerings CiscoSecure for Unix and NT are not
vulnerable to the described overflow. If an oversize TACACS+ packet
is sent to an IOS client, IOS will report an error as mentioned in
the analysis and reject that packet. The device will continue to
function normally and no service disruption will occur.

In order to utilize other TACACS+ protocol shortcomings as described
in the brilliant analysis by Solar Designer, a culprit must have
access to the path between the TACAS+ client and the server.

We would like to thank Solar Designer for sharing this analysis with
us first and allowing us ample time to review our commercial products.



Damir Rajnovic <psirt cisco com>, PSIRT Incident Manager, Cisco
Phone: +44 7715 546 033
4 The Square, Stockley Park, Uxbridge, MIDDLESEX UB11 1BN, GB
There is no insolvable problems. Question remains: can you
accept the solution?
Version: PGPfreeware 6.0.2i


Cisco Security Procedures

Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.

Updated: Nov 15, 2004 Document ID: 59744

[an error occurred while processing this directive]