Full Disclosure mailing list archives

Re: Interesting fun with Cisco VPN Client Privilege Escalation Vulnerabilities

From: "Steven Adair" <steven () securityzone org>
Date: Thu, 16 Aug 2007 15:16:55 -0400 (EDT)

I went to the below URL you referenced
(http://www.cisco.com/cgi-bin/tablebuild.pl/windows?psrtdcat20e2), logged
in, and it works fine for me with a listing of all the clients to
download.

vpnclient-win-msi-5.0.01.0600-k9.exe
VPN Client Software for 2000/XP/Vista - Microsoft Installer     5.0.01.06
        23-JUL-2007     10676224

I would suggest getting an account if you do not have one.  That would
definitely make downloading the client from that URL a lot easier.

Steven
securityzone.org

Hey All!

So, as an exercise just for giggles, I attempted to get a fix for this.
Reference:

http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml

As we are just a shop, we do not have a Cisco contract.  Here's where the
fun starts.  From the above:

1.

"Customers who purchase direct from Cisco but who do not hold a Cisco
service contract and customers who purchase through third-party vendors
but
are unsuccessful at obtaining fixed software through their point of sale
should get their upgrades by contacting the Cisco Technical Assistance
Center (TAC). TAC contacts are as follows.
+1 800 553 2447 (toll free from within North America)
+1 408 526 7209 (toll call from anywhere in the world)
e-mail: tac () cisco com

Have your product serial number available and give the URL of this notice
as evidence of your entitlement to a free upgrade. Free upgrades for
non-contract customers must be requested through the TAC."

You'll need a LOT more then just the site and serial number...you'll need
to
be registered with Cisco or provide them with:

REQUIRED INFORMATION

* CONTACT NAME:
* CONTACT PHONE NUMBER:
* CONTACT CISCO.COM USERID (if one exists):
* CONTACT EMAIL ADDRESS:
* CONTRACT #:
* SERIAL #:
* PRODUCT TYPE (Model Number):
* SOFTWARE VERSION:
* COMPANY NAME:
* EQUIPMENT LOCATION (Address):
* BRIEF PROBLEM DESCRIPTION:

2.

"Cisco will make free software available to address these vulnerabilities
for affected customers. This advisory will be updated as fixed software
becomes available. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.

Customers may only install and expect support for the feature sets they
have purchased. By installing, downloading, accessing or otherwise using
such software upgrades, customers agree to be bound by the terms of
Cisco's
software license terms found at
http://www.cisco.com/public/sw-license-agreement.html, or as otherwise set
forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.";

Not true.  My router is out of warranty, so Cisco is telling me that I'm
out
of luck as follows:

"The product that you requested support for is an older product that has
passed the warranty period date for that product.  Once a product becomes
End of Sale, it is supported for three years
beyond the End of Sale date and then becomes End of Support.
After that point, we recommend that you contact your Cisco point of sale
to discuss migrating your old equipment to newer supported technology.
Cisco Partners, Resellers, and internal Cisco Sales Teams often have
special offers and technology migration programs available."

3.

The last gig is:

"The Cisco VPN Client for Windows is available for download from the
following location on cisco.com:

http://www.cisco.com/pcgi-bin/tablebuild.pl/windows?psrtdcat20e2 "

Heh..nothing there.

Interesting...VERY interesting ;)

James


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Interesting fun with Cisco VPN Client Privilege Escalation Vulnerabilities James Lay (Aug 16)
- Re: Interesting fun with Cisco VPN Client Privilege Escalation Vulnerabilities J. Oquendo (Aug 16)
- Re: Interesting fun with Cisco VPN Client Privilege Escalation Vulnerabilities Steven Adair (Aug 16)