Secunia

Some vulnerabilities have been reported in Cisco Secure Desktop, which can be exploited by malicious, local users to gain knowledge of sensitive information, bypass certain security restrictions, or gain escalated privileges on a vulnerable system.

1) Internet browsers that are automatically spawned after establishing an SSL VPN connection uses a directory outside of the CSD vault. Users are then able to save files downloaded during the internet browsing session into the said directory, which results in unencrypted files remaining in the system after the SSL VPN session.

Successful exploitation requires that Cisco SSL VPN is configured to automatically spawn a browser after a successful connection.

2) Users are able to switch between the Secure Desktop and the Local (non-secure) Desktop when using applications that attempt to switch to the default desktop.

3) When installed on an NTFS file system, insecure default permissions are placed on the installation directory. This can be exploited to remove, manipulate, and replace any of the application's file.

Successful exploitation allows execution of arbitrary commands with SYSTEM privileges.

Solution
Update to version 3.1.1.45.

Provided and/or discovered by
1, 2) Reported by the vendor
3) Titon, Bastard Labs.

Changelog
Further details available in Customer Area

Original Advisory
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml

iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442

Deep Links
Links available in Customer Area