[VPN] Cisco Security Advisory - Vuln in XAUTH implementation
Tina Bird
tbird at precision-guesswork.com
Wed Apr 6 13:21:38 EDT 2005
>From the advisory:
Summary
=======
Cisco Internetwork Operating System (IOS) Software release trains 12.2T,
12.3 and 12.3T may contain vulnerabilities in processing certain Internet
Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.
Successful exploitation of these vulnerabilities may permit an unauthorized
user to complete authentication and potentially access network resources.
This advisory will be posted to
http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml
Cisco has made free software available to address this vulnerability for
affected customers.
More information about the VPN
mailing list