Buffer overflow in the vpnclient program for UNIX VPN Client prior to 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.
A buffer overflow in the Cisco VPN Clients for Linux, Solaris, and Mac
OS X platforms can be exploited locally to gain administrative privileges on
the client system The vulnerability can be mitigated by removing the "setuid"
permissions on the vpnclient binary executable file The Cisco VPN Clients for
Windows platforms are not affected ...
source: wwwsecurityfocuscom/bid/5056/info
The Cisco VPN Client software is used to establish Virtual Private Network (VPN) connections between client machines and a Cisco VPN Concentrator
A vulnerability has been reported in some versions of the VPN Client If an oversized profile name is passed to the vpnclient binary, a buffer overflo ...
Vulmon