28 giugno 2011

ISC Diary | Deja-Vu: Cisco VPN Windows Client Privilege Escalation


Deja-Vu: Cisco VPN Windows Client Privilege Escalation

Share |

Published: 2011-06-28,
Last Updated: 2011-06-28 20:14:39 UTC
by Johannes Ullrich (Version: 1)

1 comment(s)

Cisco released earlier today a bulletin regarding a vulnerability in the Cisco VPN client for Windows 7. The vulnerability is pretty simple: The client runs as a service, and all users logged in interactively have full access to the executable. A user could now replace the executable, restart the system and have the replacement running under the LocalSystem account.

The fix is pretty simple: Revoke the access rights for interactive users.

The interesting part : NGS Secure Research found the vulnerability, and released the details after Cisco released the patch [1]. The vulnerability is almost identical to one found in 2007 by the same company in the same product [2]

Very sad at times how some vendors don't learn. Lucky that at least companies like NGS appear to be doing some of the QA for them.

[1] http://www.securityfocus.com/archive/1/518638
[2] http://www.securityfocus.com/archive/1/476812

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: cisco vpn
1 comment(s)

Nessun commento: