lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <200312181635.00025.sha@cisco.com>
Date: Thu, 18 Dec 2003 16:34:58 -0800
From: Sharad Ahlawat <sha@...co.com>
To: Chris <serlin@...soc.org>
Cc: Thor Lancelot Simon <tls@....tjls.com>, bugtraq@...urityfocus.com
Subject: Re: Multiple vulnerabilites in vendor IKE implementations, including Cisco,


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, Chris,

This fix is integrated in VPN client releases
3.5.1C and later
3.6(Rel) and later
3.7(Rel) and later
4.0(Rel) and later

The feature is documented at
http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/rel4_0/admin_gd/vcach2.htm#19276
Refer to the .pcf Parameter (Keyword) "VerifyCertDN".

The above URL is also now documented in the Release-note for CSCdw87717 to
make it more convenient to find, by our customers.

Brgds,
/Sharad

On Thursday 18 December 2003 13:13, Chris wrote:
> 
> >This is in response to the mail posted by Thor Lancelot Simon. The original 
> >mail is available at http://www.securityfocus.com/archive/1/347351 in which 
> >Thor has listed two issues. Documented below is Cisco's response to them.
> >
> >Issue #1: Cisco addressed this issue as part of CSCdw87717 wherein the Cert 
> >Domain Name verification feature was implemented. This issue has been 
> >documented under the Cisco security advisory
> >http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml.
> >  
> >
> 
> I've looked through the literature and the software (4.0 rel) for the 
> past week, I haven't been able to find
> anything related to this. I've had several people brighter than I look 
> into this, they also weren't able to find any
> sort of fix. we may very well may have missed it, but is it possible 
> this feature went missing in 4.0?
> 
> Thanks,
> Chris
> 
> 
> 

- -- 
Sharad Ahlawat
Cisco Product Security Incident Response Team (PSIRT)
http://www.cisco.com/go/psirt
Phone:+1 (408) 527-6087
PGP-key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC12A996C
-----BEGIN PGP SIGNATURE-----
Comment: PGP Signed by Sharad Ahlawat

iD8DBQE/4keyGoGomMEqmWwRAvsrAKDYloveRWPX+UZYgfb/8SNpPe7SkgCcC8n4
z0IQzwCoEsHNgRcVb7kqLHo=
=26EB
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ