Cisco VPN Client Vulnerabilities Discovered
September 23, 2002 -- According to reports released last week by Cisco Systems and security company Ubizen NV, newly discovered vulnerabilities in Cisco’s Virtual Private Network (VPN) 5000 Client software could give an attacker root access to a workstation or allow them to capture password information used by the client.
The root access vulnerability reportedly affects the Linux and Solaris versions of the VPN 5000 Client, while the password vulnerability affects the VPN 5000 Client for Macintosh.
Cisco released an advisory about the vulnerabilities late Wednesday, providing links to bug identifiers and software updates on the Cisco Web site.
In the Linux and Solaris versions, engineers at Ubizen identified buffer overflow conditions that could enable an attacker logged on to the remote workstation to assign root privileges to their own login account, granting them administrative control over that workstation and access to data stored on the machine.
The buffer overflow vulnerability is said to be easy to exploit, but it requires local access to the machine running the VPN client and would compromise only the security of the local workstation, not the remote networks to which the VPN client connects.
The password vulnerability affecting VPN 5000 clients for the Mac OS stems from remote network login passwords being stored in clear text, where they could easily be read by an attacker using a resource editing tool, providing access to the remote workstation.