Published: 28/05/2002 Updated: 05/09/2008
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Buffer overflow in the vpnclient program for UNIX VPN Client prior to 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.

Affected Products

Vendor Product Versions
CiscoVpn Client3.5.1

Vendor Advisories

A buffer overflow in the Cisco VPN Clients for Linux, Solaris, and Mac OS X platforms can be exploited locally to gain administrative privileges on the client system The vulnerability can be mitigated by removing the "setuid" permissions on the vpnclient binary executable file The Cisco VPN Clients for Windows platforms are not affected ...


source: wwwsecurityfocuscom/bid/5056/info The Cisco VPN Client software is used to establish Virtual Private Network (VPN) connections between client machines and a Cisco VPN Concentrator A vulnerability has been reported in some versions of the VPN Client If an oversized profile name is passed to the vpnclient binary, a buffer overflo ...