Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: PSI giving a false positive for 32-bit 5.0.07.0290

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Cisco
And, this specific program:
Cisco VPN Client 5.x

This thread has been marked as resolved.
jlogan PSI giving a false positive for 32-bit 5.0.07.0290
Member 1st Apr, 2011 07:15
Ranking: 0
Posts: 2
User Since: 3rd Sep, 2010
System Score: N/A
Location: N/A
PSI is reporting a false positive for the 32-bit version 5.0.07.0290.

From the Cisco advisory (note the last line) http://www.cisco.com/warp/public/707/cisco-sa-2007...

"Note: Releases 5.0.7.0240 (beta release) and 5.0.7.0290 (official release) of the 64-bit version of the Cisco VPN Client had a regression in the fix for the vulnerability "Local Privilege Escalation Through Default cvpnd.exe File Permissions". Release 5.0.7.0440 of the 64-bit Cisco VPN Client fixes this regression. 32-bit versions of the Cisco VPN Client did not have this regression."

Affected versions:

"32-bit Cisco VPN Client: all versions up to but not including 5.0.01.0600"

Post "RE: PSI giving a false positive for 32-bit 5.0.07.0290 " has been selected as an answer.
Anthony Wells RE: PSI giving a false positive for 32-bit 5.0.07.0290
Expert Contributor 1st Apr, 2011 12:22
Score: 2414
Posts: 3,310
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 1st Apr, 2011 12:26
Hi ,

This problem has already been raised in three other threads :-

http://secunia.com/community/forum/thread/show/797...

http://secunia.com/community/forum/thread/show/798...

http://secunia.com/community/forum/thread/show/797...

As Secunia support are busy elsewhere atm and there has been no report back in those threads , I have emailed Support to ask for a status update ; I will advise what I hear .

Take care

Anthony



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
Anthony Wells RE: PSI giving a false positive for 32-bit 5.0.07.0290
Expert Contributor 1st Apr, 2011 13:36
Score: 2414
Posts: 3,310
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 1st Apr, 2011 13:37
Hi ,

Secunia Support advise me that they have updated the PSI detection rules to follow the 32 bit version ; whilst 64 bit users will need to look at the extra info provided for them in the "Program Details' when you open the expansion window (double click the "detected instance") .

A full system scan is likely to be needed to reset the PSI display .

Let us know how you go .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
jlogan RE: PSI giving a false positive for 32-bit 5.0.07.0290
Member 1st Apr, 2011 23:59
Score: 0
Posts: 2
User Since: 3rd Sep 2010
System Score: N/A
Location: N/A
A rescan corrected the issue. Thank you.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability