TITLE:
Nortel Contivity VPN Client Open Tunnel Certificate Verification Issue

SECUNIA ADVISORY ID:
SA12881

VERIFY ADVISORY:
http://secunia.com/advisories/12881/

CRITICAL:
Less critical

IMPACT:
Spoofing

WHERE:
From remote

SOFTWARE:
Nortel Contivity Multi-OS VPN Client
http://secunia.com/product/2428/

DESCRIPTION:
Roger Sylvain has reported a vulnerability in Nortel Contivity VPN
Client, potentially allowing malicious people to open a VPN tunnel to
the client.

When the Contivity VPN Client establishes a connection to a gateway,
the gateway certificate isn't checked before the user answers a dialog
box. While the dialog box is displayed to the user, the VPN tunnel
remains open allowing the gateway network access to the client system.

Successful exploitation requires that an attacker is able to conduct a
man-in-the-middle attack, thereby making the client connect to a
malicious gateway.

The vulnerability has been reported in version 4.91. Other versions
may also be vulnerable.

SOLUTION:
Reportedly, this will be fixed in version 5.1 (expected to be released
in the beginning of 2005).

The vendor has not replied to any requests for comments on this issue.

PROVIDED AND/OR DISCOVERED BY:
Roger Sylvain from Solucom