cisco-sa-20020619-unix-vpn-buffer-overflow · NA · Published · Updated
A buffer overflow in the Cisco VPN Clients for Linux, Solaris, and Mac OS X platforms can be exploited locally to gain administrative privileges on the client system. The vulnerability can be mitigated by removing the "setuid" permissions on the vpnclient binary executable file. The Cisco VPN Clients for Windows platforms are not affected. The vulnerability has been repaired in version 3.5.2. Cisco is making fixed software available free to affected customers. This issue is documented as CSCdx39290. Cisco is not aware of any public discussion or active exploitation of this vulnerability. The official current copy of this security advisory is available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20020619-unix-vpn-buffer-overflow.