Friday, May 09, 2003
Cisco VPN Vulnerable
Three major issues affect the Cisco VPN 3000 series VPN concentrator. They are detailed in the advisories listed below and affect models 3005, 3015, 3030, 3060, 3080 and the Cisco VPN 3002 Hardware Client. The flaws affect IPSec over TCP, which could enable a user on the internet to gain access to the internal network with NO authentication. The SSH initialisation vulnerability could cause the concentrator to reload the operating system, which makes it a highly effective DoS attack. A similar problem can occur if a flood of malformed ICMP packets is sent to the system. Cisco details software revisions / upgrades and a variety of configuration measures to avoid the problems.
Cisco Advisory
CSCea77143 - enabling IPSec over TCP vulnerability
CSCdz15393 - malformed SSH initialization packet vulnerability
CSCdt84906 - malformed ICMP traffic vulnerability
posted by Robert Campbell 3:33 PM

ICQ opens the door to takeover
Half a dozen vulnerabilities have been identified in AOL's ICQ Pro instant messaging client, according to Core Security Technologies, a Boston-based company. The flaws affect all versions of the Mirabilis ICQ Pro 2003a release; it is not thought that the free Lite version has the same problems. The most serious issue seems to be with the POP3 mail client component. In the absence of a patch for the product, it would be advisable to disable the mail client features. Here at ecommnet we recommend that ICQ is one protocol that's not used in a commercial environment at all!
Related links
IDG
posted by Robert Campbell 3:20 PM

Monday, May 05, 2003
ecommnet gets a site makeover
ecommnet's web site gets a major makeover; well, you are looking at it now. It's accessible and it's functional, and it looks good too.
posted by Robert Campbell 8:02 AM