[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] libkmp in Cisco vpn and Oracle pki ?

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] libkmp in Cisco vpn and Oracle pki ?
From: BoneMachine <bonemach@xxxxxxxxxxxxxxxx>
Date: Mon, 18 Oct 2004 08:34:03 GMT

In August, ISS reported a vulnerability in the Entrust LibKmp ISAKMP library.
http://xforce.iss.net/xforce/alerts/id/181

SANS reports the 30th of August that Cisco and Oracle may also be vulnerable to 
this flaw.
http://www.sans.org/newsletters/risk/vol3_34.php

Now, I don't know about you but I have not seen a statement from either Cisco 
or Oracle that confirms or denies this. 
Has any of you noticed odd behaviour of your Cisco or Oracle box (or gained 
access to either one using the libkmp issue?)
Does any of you know a way to check for myself to see if the Cisco vpn is 
vulnerable, using proof of concept code or by looking up a versionnumber or 
something.

TIA
Bone Machine

--
"So I applied basicly" -- The Pixies

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [SPAM] Re: [Full-Disclosure] Full-Disclosure Posts
Next by Date: [Full-Disclosure] Patch Integration Engine (PIE) alpha release
Previous by thread: [Full-Disclosure] [SECURITY] [DSA 569-1] New netkit-telnet-ssl packages fix denial of service
Next by thread: [Full-Disclosure] Patch Integration Engine (PIE) alpha release
Index(es):
- Date
- Thread