|
Cisco Warns of Flaw in VPN Client
August 21, 2002 -- Network equipment maker Cisco (Cisco.com) announced this week that there are flaws in some of its VPN clients that may prevent the program from functioning properly.
The vulnerability affects the Cisco VPN Client software earlier than Version 3.6 as well as the Cisco Secure VPN Client and Cisco VPN 3000 Client. The problem does not affect the Cisco VPN 5000 client.
Cisco says the problem may cause the software not to work, but will not compromise the integrity of the data.
The problem is caused when the client receives certain oversized Internet key exchange packets, causing the client buffer to overflow. Certain packets with zero payload can also use up the host machine’s CPU.
According to Cisco there have not yet been any reports of any malicious exploitations of the flaw.
Users can correct the problem by downloading new software from the Cisco Web site. A new version of Cisco VPN client 3.6 is available now, and a fix will be ready for VPN Client Version 3.5.4 and later versions.
Cisco says there are no workarounds for the vulnerability.
Get More VPN News, Subscribe for VPN News Updates
| Find Virtual Private Network (VPN) Service Providers Here |
|
Virtual Private Network (VPN) Service Providers Profiles
Broadband.com, Blue Ridge Networks, CSCI, MegaPath Networks, Virtela, ClearPath Networks, INetU, Verio, AT&T, Intel, Qwest, XO, 3com, Worldcom, Genuity, Sprint, Avaya, Cisco, Nokia, Nortel, Imperito Networks, Nextra, Ashley Laurent, Evidian, Secure-Computing, Covad Communications, SnapGear, Interliant
|
|
