Cisco Systems Inc. Information for VU#287771

Multiple vendors' Internet Key Exchange (IKE) implementations do not properly handle IKE response packets

Status

Affected

Vendor Statement

Please see

    http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml

    Vendor Information

    The vendor has not provided us with any further information regarding this vulnerability.

    Vendor References

    None

    Addendum

    According to the report, the Cisco VPN Client 3.5 running on Windows NT 4.0 SP6 contains two buffer overflows, one of which may be exploitable. In addition, the Client contains two denial-of-service conditions.

    If you have feedback, comments, or additional information about this vulnerability, please send us email.