In association with heise online

09 November 2006, 12:24

Security update for Cisco's Secure Desktop

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Cisco has released version 3.1.1.45 of its Cisco Secure Desktop (CSD) for download. This fixes three vulnerabilities. For example, CSD records some session information outside the CSD vault during automatic display of a homepage when an SSL-VPN connection is established. The CSD vault serves to hold user data in a secure environment for protection against unauthorised access during operation and after. The flaw could under certain circumstances allow spying on the surf history and the cache once CSD has terminated.

Another error in CSD allows users to switch between specific programs on the Secure Desktop and the operating system's normal, invisible desktop, even if the configuration expressly forbids this. It is also possible for users to achieve elevated access rights on the system by exchanging specific CSD binaries for their own programs – the update removes the user's write privileges for the CSD installation folder.

See also:

(ehe)

Print Version | Send by email | Permalink: http://h-online.com/-731779
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit