Forum Thread: PSI giving a false positive for 32-bit 5.0.07.0290

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Cisco
And, this specific program:
Cisco VPN Client 5.x

This thread has been marked as resolved.
jlogan PSI giving a false positive for 32-bit 5.0.07.0290
Member 1st Apr, 2011 07:15
Ranking: 0
Posts: 2
User Since: 3rd Sep, 2010
System Score: N/A
Location: N/A
PSI is reporting a false positive for the 32-bit version 5.0.07.0290.

From the Cisco advisory (note the last line) http://www.cisco.com/warp/public/707/cisco-sa-2007...

"Note: Releases 5.0.7.0240 (beta release) and 5.0.7.0290 (official release) of the 64-bit version of the Cisco VPN Client had a regression in the fix for the vulnerability "Local Privilege Escalation Through Default cvpnd.exe File Permissions". Release 5.0.7.0440 of the 64-bit Cisco VPN Client fixes this regression. 32-bit versions of the Cisco VPN Client did not have this regression."

Affected versions:

"32-bit Cisco VPN Client: all versions up to but not including 5.0.01.0600"

Post "RE: PSI giving a false positive for 32-bit 5.0.07.0290 " has been selected as an answer.
Anthony Wells RE: PSI giving a false positive for 32-bit 5.0.07.0290
Expert Contributor 1st Apr, 2011 12:22
Score: 2468
Posts: 3,356
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 1st Apr, 2011 12:26
Hi ,

This problem has already been raised in three other threads :-

http://secunia.com/community/forum/thread/show/797...

http://secunia.com/community/forum/thread/show/798...

http://secunia.com/community/forum/thread/show/797...

As Secunia support are busy elsewhere atm and there has been no report back in those threads , I have emailed Support to ask for a status update ; I will advise what I hear .

Take care

Anthony



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
Anthony Wells RE: PSI giving a false positive for 32-bit 5.0.07.0290
Expert Contributor 1st Apr, 2011 13:36
Score: 2468
Posts: 3,356
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 1st Apr, 2011 13:37
Hi ,

Secunia Support advise me that they have updated the PSI detection rules to follow the 32 bit version ; whilst 64 bit users will need to look at the extra info provided for them in the "Program Details' when you open the expansion window (double click the "detected instance") .

A full system scan is likely to be needed to reset the PSI display .

Let us know how you go .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
jlogan RE: PSI giving a false positive for 32-bit 5.0.07.0290
Member 1st Apr, 2011 23:59
Score: 0
Posts: 2
User Since: 3rd Sep 2010
System Score: N/A
Location: N/A
A rescan corrected the issue. Thank you.
Was this reply relevant?
+0
-0

This thread has been marked as locked.