CVE-2002-1092

Cisco VPN 3000 Concentrator 3.6Rel and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication...

CVE-2002-1094

Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.5.4 allow remote attackers to obtain potentially sensitive information via the 1 SSH banner, 2 FTP banner, or 3 an incorrect HTTP request...

CVE-2002-1098

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound XML-Autoforward/in" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator...

CVE-2002-1099

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages...

CVE-2002-1101

Cisco VPN 3000 Concentrator 2.2.x, 3.6Rel, and 3.x before 3.5.5, allows remote attackers to cause a denial of service via a long user name...

CVE-2002-1106

Cisco Virtual Private Network VPN Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks...

CVE-2002-1046

Dynamic VPN Configuration Protocol service DVCP in Watchguard Firebox firmware 5.x.x allows remote attackers to cause a denial of service crash via a malformed packet containing tab characters to TCP port 4110...

CVE-2002-1093

HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3B allows remote attackers to cause a denial of service CPU consumption via a long URL request...

CVE-2002-1096

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code...

CVE-2002-1097

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages...

CVE-2002-1105

Cisco Virtual Private Network VPN Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password...

CVE-2002-1108

Cisco Virtual Private Network VPN Client software 2.x.x, and 3.x before 3.6Rel, when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel...

Cisco VPN Concentrator 3000 ISAKMP DoS details

Hi list, the subject says it all. I would like to share the details of the Cisco VPN Concentrator 3000 ISAKMP packet parsing vulnerability mentioned at http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml The bug affects all software versions including 3.6.0 and I hope everyone got...

Cisco Security Advisory: Cisco VPN 5000 Client Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco VPN 5000 Client Multiple Vulnerabilities Revision 1.0 For Public Release 2002 September 18 08:00 UTC -0800 ---------------------------------------------------------------------- Contents Summary Affected Products Details...

Multiple bugs in Cisco VPN client

Buffer overflows and DoS during IKE packet parsing...

Cisco VPN 5000 Client Multiple Vulnerabilities

...

Cisco VPN 5000 client buffer overflow vulnerabilities.

Subject : Cisco VPN 5000 client buffer overflow vulnerabilities Platforms : Linux and Solaris Versions : Linux versions prior to 5.2.7 and Solaris versions prior to 5.2.8 are affected. The impact: ----------- Abuse of these vulnerabilities can allow local users to gain super-user privileges. The...

Cisco VPN 5000 Client - Buffer Overrun (2)

Cisco VPN 5000 Client - Buffer Overrun 2 // source: https://www.securityfocus.com/bid/5734/info Buffer overrun vulnerabilities have been reported in the Cisco VPN 5000 UNIX clients available for Linux and Solaris systems. The condition affects the binaries 'closetunnel' and 'opentunnel', both...

Cisco VPN 5000 Client - Buffer Overrun (1)

Cisco VPN 5000 Client - Buffer Overrun 1 // source: https://www.securityfocus.com/bid/5734/info Buffer overrun vulnerabilities have been reported in the Cisco VPN 5000 UNIX clients available for Linux and Solaris systems. The condition affects the binaries 'closetunnel' and 'opentunnel', both...

Cisco VPN 5000 Client - Buffer Overrun (2)

// source: https://www.securityfocus.com/bid/5734/info Buffer overrun vulnerabilities have been reported in the Cisco VPN 5000 UNIX clients available for Linux and Solaris systems. The condition affects the binaries 'closetunnel' and 'opentunnel', both installed setuid root by default. Malicious...