AngryPacket Security Advisory - A vulnerability found in the Cisco VPN client for Linux can allow local users to gain root level privileges. This vulnerability affects VPN client v3.5.1 and below.
3f0616261733901823c963b777907ca611ed3bca722aab3941413458f07acfc2 - -- ------------------------- -- -
[>(] AngryPacket Security Advisory [>(]
- -- ------------------------- -- -
+--------------------- -- -
+ advisory information
+------------------ -- -
author: methodic <methodic@bigunz.angrypacket.com>
release date: 05/28/2002
homepage: http://sec.angrypacket.com
advisory id: 0x0002
+-------------------- -- -
+ product information
+----------------- -- -
software: Cisco vpnclient for Linux
vendor: Cisco Systems
homepage: http://www.cisco.com
description:
"Cisco VPN client allows a user to connect to a Cisco VPN device
using the Linux operating system."
+---------------------- -- -
+ vulnerability details
+------------------- -- -
problem: Local root
affected: vpnclient-linux-3.5.1.Rel-k9 and perhaps earlier versions
explaination: Any local user can gain root privileges via a buffer overflow
in the 'connect' argument when a long profile name (520 bytes
to own the eip) is specified and the executable is suid root.
Cisco's install script installs vpnclient suid root by default,
although it does advise administrators about the permissions
set on vpnclient, and that they may wish to change them.
risk: High
status: Vendor was notified, and a fix is available
exploit: http://sec.angrypacket.com/exploits/vpnKILLient.c
fix: Upgrade your Cisco vpnclient software, or chmod -s vpnclient
+-------- -- -
+ credits
+----- -- -
Bug was found by methodic of AngryPacket security group.
Additional help by:
dmuz and vegac of AngryPacket security group, and shok of w00w00.
+----------- -- -
+ disclaimer
+-------- -- -
The contents of this advisory are Copyright (c) 2002 AngryPacket
Security, and may be distributed freely provided that no fee is charged
for distribution and that proper credit is given. As such, AngryPacket
Security group, collectively or individually, shall not be held liable
or responsible for the misuse of any information contained herein.
- -- ------------------------- -- -
[>(] AngryPacket Security Advisory [>(]
- -- ------------------------- -- -
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed