funsec mailing list archives
Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability
From: "Fergie" <fergdawg () netzero net>
Date: Wed, 24 May 2006 18:03:18 GMT
Via Cisco. [snip] Summary The Cisco VPN Client for Windows is affected by a local privilege escalation vulnerability that allows non-privileged users to gain administrative privileges. A user needs to authenticate and start an interactive Windows session to be able to exploit this vulnerability. Affected/Vulnerable Products The following versions of the Cisco VPN Client for Windows (excluding Windows 9x users) are affected: 2.x 3.x 4.0.x 4.6.x 4.7.x with the exception of version 4.7.00.0533 4.8.00.x This vulnerability is fixed in version 4.8.01.0300 of the Cisco VPN Client for Windows, which can be downloaded from the following location: http://www.cisco.com/pcgi-bin/tablebuild.pl/windows (registered customers only) [snip] Link: http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability Fergie (May 24)