Bugtraq mailing list archives

Re: Multiple vulnerabilities in vendor IKE implementations, including Cisco,


From: Sharad Ahlawat <sha () cisco com>
Date: Thu, 18 Dec 2003 16:34:58 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, Chris,

This fix is integrated in VPN client releases:
3.5.1C and later
3.6(Rel) and later
3.7(Rel) and later
4.0(Rel) and later

The feature is documented at
http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/rel4_0/admin_gd/vcach2.htm#19276
Refer to the .pcf Parameter (Keyword) "VerifyCertDN".

The above URL is also now documented in the Release-note for CSCdw87717 to
make it more convenient for our customers to find.

Brgds,
/Sharad

On Thursday 18 December 2003 13:13, Chris wrote:

> > This is in response to the mail posted by Thor Lancelot Simon. The original
> > mail is available at http://www.securityfocus.com/archive/1/347351 in which
> > Thor has listed two issues. Documented below is Cisco's response to them.
> >
> > Issue #1: Cisco addressed this issue as part of CSCdw87717 wherein the Cert
> > Domain Name verification feature was implemented. This issue has been
> > documented under the Cisco security advisory
> > http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml.
>
> I've looked through the literature and the software (4.0 rel) for the
> past week, and I haven't been able to find anything related to this.
> I've had several people brighter than I look into this, and they also
> weren't able to find any sort of fix. We may very well have missed it,
> but is it possible this feature went missing in 4.0?
>
> Thanks,
> Chris




- -- 
Sharad Ahlawat
Cisco Product Security Incident Response Team (PSIRT)
http://www.cisco.com/go/psirt
Phone:+1 (408) 527-6087
PGP-key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC12A996C
-----BEGIN PGP SIGNATURE-----
Comment: PGP Signed by Sharad Ahlawat

iD8DBQE/4keyGoGomMEqmWwRAvsrAKDYloveRWPX+UZYgfb/8SNpPe7SkgCcC8n4
z0IQzwCoEsHNgRcVb7kqLHo=
=26EB
-----END PGP SIGNATURE-----

