In August, ISS reported a vulnerability in the Entrust LibKmp ISAKMP library. http://xforce.iss.net/xforce/alerts/id/181
SANS reports the 30th of August that Cisco and Oracle may also be vulnerable to this flaw. http://www.sans.org/newsletters/risk/vol3_34.php Now, I don't know about you but I have not seen a statement from either Cisco or Oracle that confirms or denies this. Has any of you noticed odd behaviour of your Cisco or Oracle box (or gained access to either one using the libkmp issue?) Does any of you know a way to check for myself to see if the Cisco vpn is vulnerable, using proof of concept code or by looking up a versionnumber or something. TIA Bone Machine -- "So I applied basicly" -- The Pixies _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
