Re: Multiple vulnerabilities in vendor IKE implementations, including Cisco,
Hi, Chris,

This fix is integrated in VPN client releases

  3.5.1C and later
  3.6(Rel) and later
  3.7(Rel) and later
  4.0(Rel) and later

The feature is documented at
http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/rel4_0/admin_gd/vcach2.htm#19276
Refer to the .pcf Parameter (Keyword) "VerifyCertDN".

The above URL is also now documented in the Release-note for CSCdw87717 to
make it more convenient for our customers to find.

Brgds,
/Sharad

On Thursday 18 December 2003 13:13, Chris wrote:
>
> >This is in response to the mail posted by Thor Lancelot Simon. The original
> >mail is available at http://www.securityfocus.com/archive/1/347351 in which
> >Thor has listed two issues. Documented below is Cisco's response to them.
> >
> >Issue #1: Cisco addressed this issue as part of CSCdw87717 wherein the Cert
> >Domain Name verification feature was implemented. This issue has been
> >documented under the Cisco security advisory
> >http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml.
> >
> >
>
> I've looked through the literature and the software (4.0 rel) for the
> past week, and I haven't been able to find
> anything related to this. I've had several people brighter than I look
> into this, and they also weren't able to find any
> sort of fix. We may very well have missed it, but is it possible
> this feature went missing in 4.0?
>
> Thanks,
> Chris
>
>
>
--
Sharad Ahlawat
Cisco Product Security Incident Response Team (PSIRT)
http://www.cisco.com/go/psirt
Phone:+1 (408) 527-6087
PGP-key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC12A996C