Published: 2011-06-28,
Last Updated: 2011-06-28 20:14:39 UTC
by Johannes Ullrich (Version: 1)
Earlier today, Cisco released a bulletin regarding a vulnerability in the Cisco VPN client for Windows 7. The vulnerability is pretty simple: the client runs as a service, and all users logged in interactively have full access to the executable. A user could replace the executable, restart the system, and have the replacement run under the LocalSystem account.
The fix is pretty simple: Revoke the access rights for interactive users.
The interesting part: NGS Secure Research found the vulnerability and released the details after Cisco released the patch. The vulnerability is almost identical to one found in 2007 by the same company in the same product.
Very sad at times how some vendors don't learn. Lucky that at least companies like NGS appear to be doing some of the QA for them.
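The condition described above (a service executable that interactive users can modify) can be checked for every service on a host. The PowerShell below is an added example, not code from Cisco, NGS or this diary; the function names and the choice of which well-known SIDs count as low-privileged are assumptions made for the example.

```powershell
# Added example: list service executables whose ACL lets ordinary users modify them.
# Well-known SIDs are used instead of names so the check works on any OS language.
$lowPrivSids = @{
    'S-1-5-4'      = 'NT AUTHORITY\INTERACTIVE'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-1-0'      = 'Everyone'
}

# Rights that allow replacing the file or rewriting its permissions.
$R = [System.Security.AccessControl.FileSystemRights]
$dangerous = [int]($R::WriteData -bor $R::AppendData -bor $R::Delete -bor
                   $R::ChangePermissions -bor $R::TakeOwnership)

function Get-ServiceExePath([string]$PathName) {
    # PathName is either  "C:\quoted path\svc.exe" args  or  C:\unquoted\svc.exe args
    if ($PathName -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

function Find-WritableServiceBinary {
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $exe = Get-ServiceExePath $svc.PathName
        if (-not $exe -or -not (Test-Path -LiteralPath $exe -PathType Leaf)) { continue }
        try { $acl = Get-Acl -LiteralPath $exe -ErrorAction Stop } catch { continue }
        # Explicit and inherited ACEs, with trustees returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            $sid = $ace.IdentityReference.Value
            $hit = ([int]$ace.FileSystemRights -band $dangerous) -ne 0
            if ($ace.AccessControlType -eq 'Allow' -and $lowPrivSids.ContainsKey($sid) -and $hit) {
                [pscustomobject]@{
                    Service = $svc.Name;  RunsAs = $svc.StartName;  Binary = $exe
                    Trustee = $lowPrivSids[$sid];  Rights = $ace.FileSystemRights
                }
            }
        }
    }
}

Find-WritableServiceBinary | Sort-Object Service | Format-Table -AutoSize -Wrap
```

Any row whose RunsAs column is LocalSystem matches the situation in the bulletin, and revoking that access entry is the fix described above. The check covers only the ACL on the executable itself, not its parent directory.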