Home page logo

fulldisclosure logo Full Disclosure mailing list archives

libkmp in Cisco vpn and Oracle pki ?
From: BoneMachine <bonemach () sdf lonestar org>
Date: Mon, 18 Oct 2004 08:34:03 GMT

In August, ISS reported a vulnerability in the Entrust LibKmp ISAKMP library.

SANS reports the 30th of August that Cisco and Oracle may also be vulnerable to this flaw.

Now, I don't know about you but I have not seen a statement from either Cisco or Oracle that confirms or denies this. 
Has any of you noticed odd behaviour of your Cisco or Oracle box (or gained access to either one using the libkmp 
Does any of you know a way to check for myself to see if the Cisco vpn is vulnerable, using proof of concept code or by 
looking up a versionnumber or something.

Bone Machine

"So I applied basicly" -- The Pixies

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • libkmp in Cisco vpn and Oracle pki ? BoneMachine (Oct 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]