National Cyber Awareness System

Vulnerability Summary for CVE-2009-4118

Overview

The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: VUPEN

Name: ADV-2009-3296

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2009/3296

External Source: BID

Name: 37077

Hyperlink:http://www.securityfocus.com/bid/37077

External Source: CONFIRM

Name: http://tools.cisco.com/security/center/viewAlert.x?alertId=19445

Type: Advisory

Hyperlink:http://tools.cisco.com/security/center/viewAlert.x?alertId=19445

External Source: SECUNIA

Name: 37419

Type: Advisory

Hyperlink:http://secunia.com/advisories/37419

External Source: MISC

Name: http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt

Hyperlink:http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt