
Re: Multiple vulnerabilities in vendor IKE implementations, including Cisco,



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, Chris,

This fix is integrated in VPN client releases
3.5.1C and later
3.6(Rel) and later
3.7(Rel) and later
4.0(Rel) and later

The feature is documented at
http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/rel4_0/admin_gd/vcach2.htm#19276
Refer to the .pcf Parameter (Keyword) "VerifyCertDN".

The above URL is also now documented in the Release-note for CSCdw87717 to
make it more convenient for our customers to find.

Brgds,
/Sharad

On Thursday 18 December 2003 13:13, Chris wrote:
> 
> >This is in response to the mail posted by Thor Lancelot Simon. The original 
> >mail is available at http://www.securityfocus.com/archive/1/347351 in which 
> >Thor has listed two issues. Documented below is Cisco's response to them.
> >
> >Issue #1: Cisco addressed this issue as part of CSCdw87717 wherein the Cert 
> >Domain Name verification feature was implemented. This issue has been 
> >documented under the Cisco security advisory
> >http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml.
> >  
> >
> 
> I've looked through the literature and the software (4.0 rel) for the 
> past week, I haven't been able to find
> anything related to this. I've had several people brighter than I look 
> into this, they also weren't able to find any
> sort of fix. We may very well have missed it, but is it possible 
> this feature went missing in 4.0?
> 
> Thanks,
> Chris
> 
> 
> 

- -- 
Sharad Ahlawat
Cisco Product Security Incident Response Team (PSIRT)
http://www.cisco.com/go/psirt
Phone:+1 (408) 527-6087
PGP-key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC12A996C
-----BEGIN PGP SIGNATURE-----
Comment: PGP Signed by Sharad Ahlawat

iD8DBQE/4keyGoGomMEqmWwRAvsrAKDYloveRWPX+UZYgfb/8SNpPe7SkgCcC8n4
z0IQzwCoEsHNgRcVb7kqLHo=
=26EB
-----END PGP SIGNATURE-----