Cisco VPN Client TCP Filter存在信息泄露漏洞发布时间:2002-09-11 更新时间:2002-09-11 严重程度:中 威胁程度:服务器信息泄露 错误类型:设计错误 利用方式:客户机模式 BUGTRAQ ID:5651 受影响系统 Cisco VPN Client 2.0 for Windows详细描述 当Cisco VPN客户端运行在"all tunnel mode"模式下,会应答来自外部tunnel的信息包,这可能导致泄露敏感信息给攻击者。 如果Cisco VPN客户端运行在"split tunneling mode"则不存在这个漏洞,另外3.5.x版本客户端如果防火墙配置成运行在"always on"模式下也不存在这个漏洞。3.6(Rel) 版本客户端即使防火墙配置成运行在"always on"模式下也存在这个漏洞。 测试代码 无 解决方案 升级程序到3.5.4版本或者3.6.1版本: Cisco VPN Client 2.0 for Windows: Cisco VPN Client 3.0 for Windows: Cisco VPN Client 3.0.5 for Windows: Cisco VPN Client 3.1 for Windows: Cisco VPN Client 3.5.1 C for Windows: Cisco Upgrade VPN Client 3.5.4 Cisco VPN Client 3.5.1 for Windows: Cisco Upgrade VPN Client 3.5.4 Cisco VPN Client 3.5.1 for Solaris: Cisco Upgrade VPN Client 3.5.4 Cisco VPN Client 3.5.1 for Mac OS X: Cisco Upgrade VPN Client 3.5.4 Cisco VPN Client 3.5.1 for Linux: Cisco Upgrade VPN Client 3.5.4 Cisco VPN Client 3.5.2 for Windows: Cisco Upgrade VPN Client 3.5.4 Cisco VPN Client 3.5.2 for Solaris: Cisco Upgrade VPN Client 3.5.4 Cisco VPN Client 3.5.2 for Mac OS X: Cisco Upgrade VPN Client 3.5.4 Cisco VPN Client 3.5.2 for Linux: Cisco Upgrade VPN Client 3.5.4 Cisco VPN Client 3.6 (Rel) for Windows: Cisco Upgrade VPN Client 3.6.1 Cisco VPN Client 3.6 for Windows: Cisco Upgrade VPN Client 3.6.1 Cisco VPN Client 3.6 for Solaris: Cisco Upgrade VPN Client 3.6.1 Cisco VPN Client 3.6 for Mac OS X: Cisco Upgrade VPN Client 3.6.1 Cisco VPN Client 3.6 for Linux: Cisco Upgrade VPN Client 3.6.1 相关信息 参考:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml |
