-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Response
==============
This is the Cisco Product Security Incident Response Team (PSIRT)'s
response to the statements made by Oleg Tipisov in his message with
subject Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability,
posted
Dear [EMAIL PROTECTED],
--Wednesday, December 21, 2005, 8:27:10 PM, you wrote to
bugtraq@securityfocus.com:
orr> Generally speaking the RADIUS protocol is not appropriate for
orr> doing such things as downloading ACLs or other attributes on behalf
orr> of the user on an as-needed basis, as it
Hi!
The following is the description of the vulnerability in the Cisco
implementation of downloadable ACLs, which are used by the Cisco PIX firewall
authentication proxy (aka cut-through proxy) and VPN 3000 concentrators.
When an administrator creates an ACL on the Cisco Secure Access Control