Multiple vulnerabilities exist in the Cisco Virtual Private Network (VPN) Client software. These vulnerabilities are documented as Cisco Bug IDs CSCdt35749, CSCdt60391, CSCdw87717, CSCdx89416, and CSCdy37058. There are no workarounds available to mitigate the effects of these vulnerabilities.
Credit:
The original advisory can be accessed by going to:
http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
The information has been provided by Cisco Systems Product Security Incident Response Team.
Affected Products:
The VPN Client software program runs on the following platforms.
* Microsoft Windows based PC.
* Red Hat Version 6.2 Linux (Intel), or compatible distribution, using kernel Version 2.2.12 or later. It does not support kernel Version 2.5.
* Solaris UltraSPARC running a 32-bit or a 64-bit kernel OS Version 2.6 or later.
* Mac OS X Version 10.1.0 or later.
CSCdt35749 - NETBIOS TCP packet vulnerability
Affected Releases:
* earlier than 3.0.5
* 2.x.x

CSCdt60391 - Group passwords visible using utility program
Affected Releases:
* earlier than 3.5.1C
* 3.1.x
* 3.0.x
* 2.x.x

CSCdw87717 - Concentrator certificate identity vulnerability
Affected Releases:
* earlier than 3.5.1C
* 3.1.x
* 3.0.x
* 2.x.x

CSCdx89416 - Random number generation improvement
Affected Releases:
* earlier than 3.5.2B
* 3.1.x
* 3.0.x
* 2.x.x

CSCdy37058 - TCP filter vulnerability
Affected Releases:
* 3.6(Rel)
* earlier than 3.5.4
* 3.1.x
* 3.0.x
* 2.x.x

No other Cisco products are currently known to be affected by these vulnerabilities.
Details:
The VPN Client software program on a remote workstation, communicating with a Cisco VPN device on an enterprise network or with a service provider, creates a secure connection over the Internet. Through this connection you can access a private network as if you were an onsite user.
CSCdt35749 - NETBIOS TCP packet vulnerability
Details:
The VPN Client is vulnerable to NETBIOS TCP packets that have their source and destination ports set to 137 (NETBIOS Name Service). Upon receiving such a packet, the VPN Client crashes.

CSCdt60391 - Group passwords visible using utility program
Details:
There is a utility program under Windows that can decipher the group password field, which is shown as a series of asterisks (***...) on the authentication property page of the VPN Client.

CSCdw87717 - Concentrator certificate identity vulnerability
Details:
When a VPN Client connects to a VPN Concentrator using certificates, the VPN Client does not have the ability to verify that specific certificate DN fields match in the certificate received from the VPN Concentrator.

CSCdx89416 - Random number generation improvement
Details:
The random number generation process in the VPN Client software has been significantly improved to increase the randomness of the generated numbers.

CSCdy37058 - TCP filter vulnerability
Details:
It is possible to get the VPN Client, which is configured for all tunnel mode (split tunneling disabled mode), to acknowledge a TCP packet via the tunnel-assigned IP, when the packet is sent to it from outside the tunnel. The 3.5.x releases are protected against this vulnerability if the firewall is configured to be in "always on" mode. The 3.6(Rel) release is vulnerable even when the firewall is in "always on" mode.
These vulnerabilities are documented in the Cisco Bug Toolkit as Bug IDs CSCdt35749, CSCdt60391, CSCdw87717, CSCdx89416 and CSCdy37058, and can be viewed after 2002 September 6 at 1500 UTC. To access this tool, you must be a registered user and you must be logged in.
Impact:
CSCdt35749 - NETBIOS TCP packet vulnerability
Impact:
This vulnerability can be exploited to initiate a denial-of-service attack.

CSCdt60391 - Group passwords visible using utility program
Impact:
Unintended disclosure of the group password.

CSCdw87717 - Concentrator certificate identity vulnerability
Impact:
This vulnerability could be exploited to initiate a man-in-the-middle attack.

CSCdx89416 - Random number generation improvement
Impact:
Improvement in the randomness of random numbers generated for use by the VPN Client.

CSCdy37058 - TCP filter vulnerability
Impact:
This vulnerability could be exploited to leak information about the VPN Client workstation.

Software Versions and Fixes:
CSCdt35749 - NETBIOS TCP packet vulnerability
Fixed Releases:
* 3.6(Rel) or later
* 3.5(Rel) or later
* 3.1(Rel) or later
* 3.0.5 or later

CSCdt60391 - Group passwords visible using utility program
Fixed Releases:
* 3.6(Rel) or later
* 3.5.1C or later

CSCdw87717 - Concentrator certificate identity vulnerability
Fixed Releases:
* 3.6(Rel) or later
* 3.5.1C or later

CSCdx89416 - Random number generation improvement
Fixed Releases:
* 3.6(Rel) or later
* 3.5.2B or later

CSCdy37058 - TCP filter vulnerability
Fixed Releases:
* 3.6.1 or later
* 3.5.4 or later

The procedure to upgrade on the various platforms to the fixed software version is detailed in the documentation available at http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/.
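The affected and fixed release lists above can be turned into a triage check that reports which Bug IDs are still open for an installed client version. This is an added example, not part of the Cisco advisory; the function names are hypothetical, and the ordering of lettered builds (3.5.1 < 3.5.1A < 3.5.1B < 3.5.1C) is an assumption.

```python
import re

# First fixed release per release train (major, minor), copied from the
# "Fixed Releases" lists in this advisory. A train with no entry at or below
# the installed train has no fix, which matches the "x.y.x" affected entries.
FIXED = {
    "CSCdt35749": {(3, 0): "3.0.5", (3, 1): "3.1(Rel)",
                   (3, 5): "3.5(Rel)", (3, 6): "3.6(Rel)"},
    "CSCdt60391": {(3, 5): "3.5.1C", (3, 6): "3.6(Rel)"},
    "CSCdw87717": {(3, 5): "3.5.1C", (3, 6): "3.6(Rel)"},
    "CSCdx89416": {(3, 5): "3.5.2B", (3, 6): "3.6(Rel)"},
    "CSCdy37058": {(3, 5): "3.5.4", (3, 6): "3.6.1"},
}

# Accepts "3.6(Rel)", "3.5", "3.0.5" and lettered builds such as "3.5.1C".
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+)([A-Za-z]?)|\(Rel\))?$")


def parse_version(text):
    """Return (major, minor, patch, letter); "(Rel)" is treated as patch 0."""
    match = _VERSION.match(text.strip())
    if not match:
        raise ValueError(f"unrecognized VPN Client version: {text!r}")
    major, minor, patch, letter = match.groups()
    # Assumption: an unlettered build sorts before lettered builds of the
    # same patch number, and letters sort alphabetically.
    return (int(major), int(minor), int(patch or 0), (letter or "").upper())


def open_bug_ids(installed):
    """List the advisory's Bug IDs that are not fixed in `installed`."""
    version = parse_version(installed)
    still_open = []
    for bug_id, fixes in FIXED.items():
        # "or later" applies from the newest fixed train at or below ours.
        trains = [train for train in fixes if train <= version[:2]]
        if not trains or version < parse_version(fixes[max(trains)]):
            still_open.append(bug_id)
    return still_open


if __name__ == "__main__":
    for sample in ("2.5.2", "3.0.5", "3.5.1C", "3.6(Rel)", "3.6.1"):
        print(sample, open_bug_ids(sample))
```
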
Obtaining Fixed Software:
Cisco is offering free software upgrades to address these vulnerabilities for all affected customers. Customers may only install and expect support for the feature sets they have purchased.
Customers with service contracts should contact their regular update channels to obtain the free software upgrade identified via this advisory. For most customers with service contracts, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com/kobayashi/sw-center/vpn/client/. To access the software download URL, you must be a registered user and you must be logged in.
Customers whose Cisco products are provided or maintained through a prior or existing agreement with third-party support organizations such as Cisco Partners, authorized resellers, or service providers should contact that support organization for assistance with obtaining the free software upgrade(s).
Customers who purchased directly from Cisco but who do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful at obtaining fixed software through their point of sale, should obtain fixed software by contacting the Cisco Technical Assistance Center (TAC) using the contact information listed below. In these cases, customers are entitled to obtain an upgrade to a later version of the same release or as indicated by the applicable corrected software version in Software Versions and Fixes.
Cisco TAC contacts are as follows:
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional TAC contact information, including special localized telephone numbers and instructions and e-mail addresses for use in various languages.
Please have your product serial number available and give the URL of this advisory as evidence of your entitlement to a free upgrade.
Please do not contact either "psirt@cisco.com" or "security-alert@cisco.com" for software upgrades.
Workarounds:
CSCdt35749 - NETBIOS TCP packet vulnerability
Workaround:
There is no workaround.

CSCdt60391 - Group passwords visible using utility program
Workaround:
There is no workaround.

CSCdw87717 - Concentrator certificate identity vulnerability
Workaround:
There is no workaround.

CSCdx89416 - Random number generation improvement
Workaround:
Not applicable.

CSCdy37058 - TCP filter vulnerability
Workaround:
There is no workaround.