Bugtraq mailing list archives
Re: Multiple vulnerabilites in vendor IKE implementations, including Cisco,
From: Sharad Ahlawat <sha () cisco com>
Date: Thu, 18 Dec 2003 16:34:58 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Chris, This fix is integrated in VPN client releases 3.5.1C and later 3.6(Rel) and later 3.7(Rel) and later 4.0(Rel) and later The feature is documented at http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/rel4_0/admin_gd/vcach2.htm#19276 Refer to the .pcf Parameter (Keyword) "VerifyCertDN". The above URL is also now documented in the Release-note for CSCdw87717 to make it more convenient to find, by our customers. Brgds, /Sharad On Thursday 18 December 2003 13:13, Chris wrote:
This is in response to the mail posted by Thor Lancelot Simon. The original mail is available at http://www.securityfocus.com/archive/1/347351 in which Thor has listed two issues. Documented below is Cisco's response to them. Issue #1: Cisco addressed this issue as part of CSCdw87717 wherein the Cert Domain Name verification feature was implemented. This issue has been documented under the Cisco security advisory http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml.I've looked through the literature and the software (4.0 rel) for the past week, I haven't been able to find anything related to this. I've had several people brighter than I look into this, they also weren't able to find any sort of fix. we may very well may have missed it, but is it possible this feature went missing in 4.0? Thanks, Chris
- -- Sharad Ahlawat Cisco Product Security Incident Response Team (PSIRT) http://www.cisco.com/go/psirt Phone:+1 (408) 527-6087 PGP-key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC12A996C -----BEGIN PGP SIGNATURE----- Comment: PGP Signed by Sharad Ahlawat iD8DBQE/4keyGoGomMEqmWwRAvsrAKDYloveRWPX+UZYgfb/8SNpPe7SkgCcC8n4 z0IQzwCoEsHNgRcVb7kqLHo= =26EB -----END PGP SIGNATURE-----
Current thread:
- Multiple vulnerabilites in vendor IKE implementations, including Cisco, Thor Lancelot Simon (Dec 12)
- Message not available
- Message not available
- Re: Multiple vulnerabilites in vendor IKE implementations, including Cisco, Thor Lancelot Simon (Dec 13)
- Message not available
- Message not available
- Re: Multiple vulnerabilites in vendor IKE implementations, including Cisco, Sharad Ahlawat (Dec 13)
- Re: Multiple vulnerabilites in vendor IKE implementations, including Cisco, Thor Lancelot Simon (Dec 13)
- Re: Multiple vulnerabilites in vendor IKE implementations, including Cisco, Chris (Dec 19)
- Re: Multiple vulnerabilites in vendor IKE implementations, including Cisco, Sharad Ahlawat (Dec 19)