Open Source and information security mailing list archives
 
Message-ID: <200410180834.i9I8Y3Ct023929@sdf.lonestar.org>
From: bonemach at sdf.lonestar.org (BoneMachine)
Subject: libkmp in Cisco vpn and Oracle pki ?

In August, ISS reported a vulnerability in the Entrust LibKmp ISAKMP library.
http://xforce.iss.net/xforce/alerts/id/181

SANS reported on the 30th of August that Cisco and Oracle may also be vulnerable to this flaw.
http://www.sans.org/newsletters/risk/vol3_34.php

Now, I don't know about you, but I have not seen a statement from either Cisco or Oracle that confirms or denies this.
Has any of you noticed odd behaviour of your Cisco or Oracle box (or gained access to either one using the libkmp issue)?
Does any of you know a way to check for myself to see if the Cisco VPN is vulnerable, using proof-of-concept code or by looking up a version number or something?

TIA
Bone Machine

--
"So I applied basicly" -- The Pixies

