http://www.macnn.com/articles/02/06/19/cisco.to/
Cisco to fix VPN vulnerability with update
updated 02:30 pm EDT, Wed June 19, 2002
",
0, 0);
Cisco will be releasing a update to its Cisco VPN Client shortly to fix a security vulnerability, according to SecureMac: "A local user could exploit the Cisco UNIX VPN client software if installed on the computer by executing arbitrary code granting administrative privledges. If the user has not altered the setuid permissions vpnclient will give administrative privledges allowing the user to modify any part of the system without authorization." The report also notes that the vulnerability can be mitigated by altering the permission of the binary using the 'chmod' command."
