Re: [VulnWatch] Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack
From: Mike Iglesias (iglesias draco.acs.uci.edu)
Date: Wed Feb 01 2006 - 01:15:35 CST
> Finally, the advisory states that upgrading to firmware version 4.7.2B is
> sufficient to defend against this exploit. This is not the case. The
> original tests WERE performed against VPN 3000 appliances running 4.7.1
> but subsequent tests show that 4.7.2B is also susceptible to this
> exploit. The only way to resolve this issue is to block tcp/80 via ACL or
> by disabling it on the WebVPN.
FYI: I asked Cisco which version this bug was fixed in, and they said
that 4.7.2(C) has the fix.
Mike Iglesias Email: iglesias uci.edu
University of California, Irvine phone: 949-824-6926
Network & Academic Computing Services FAX: 949-824-2069