A security vulnerability was recently announced in the Cisco VPN Client
software for Windows. This software is distributed on
http://software.berkeley.edu and is used for remote users to establish a
VPN connection to the campus network. This vulnerability is based on a
privilege escalation attack and could allow a user logged into an
interactive Windows session to gain Local System privileges. Please see
details about the vulnerability below.
If you use the Cisco VPN software for Windows, please download the
latest version from http://software.berkeley.edu/windows/vpn/current/.
The version currently posted is 4.8.01.0300 -- if you have an older
version please upgrade to this version which is not vulnerable.
Thank you and please pass this announcement on to others who may be
using the Cisco VPN client software,
-- Allison Henry System and Network Security University of California, Berkeley http://security.berkeley.edu Cisco VPN Client Privilege Escalation May 25, 2006 @ 12:15:57 Observation The Cisco VPN client for Windows is vulnerable to a local privilege escalation attack. The flaw lies in the Windows client GUI or VPN client dialer. Successful exploitation could allow a local authorized user the ability to gain Local System privileges. Affected Systems Vulnerable Releases Cisco VPN Client (Windows) 2.X Cisco VPN Client (Windows) 3.X Cisco VPN Client (Windows) 4.0.X Cisco VPN Client (Windows) 4.6.X Cisco VPN Client (Windows) 4.7.X (excluding 4.7.00.0533) Cisco VPN Client (Windows) 4.8.00.X Remediation The vendor has made updates available to registered users for remediation here: http://www.cisco.com/pcgi-bin/tablebuild.pl/windows Threat Correlation Details The hosts displayed in the panel below exhibit ports or services of systems that could be susceptible to this threat. Correlation Parameters Operating Systems Windows XP SP0 - SP2, Windows 2003 SP0 - SP1, Windows 2000 SP1 - SP4 Source: McAfee AVERT Labs Initial Publish Date: 5/25/2006 External Links http://www.cisco.com/warp/public/707/cisco-sa-20060524-vpnclient.shtml ------------------------------------------------------------------------ The following was automatically added to this message by the list server: For information about Micronet, including subscribing to or unsubscribing from its mailing list and finding out about upcoming meetings, please visit the Micronet Web site: <http://micronet.berkeley.edu/>.Received on Tue May 30 21:45:07 2006
This archive was generated by hypermail 2.1.8 : Tue May 30 2006 - 21:45:08 PDT