CVE-2009-4118 – Cisco VPN Client - Integer Overflow Denial of Service

https://notcve.org/view.php?id=CVE-2009-4118

The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running. La función StartServiceCtrlDispatcher en el servicio cvpnd (cvpnd.exe) del cliente Cisco VPN para Windows versiones anteriores a 5.0.06.0100 no maneja correctamente un error ERROR_FAILED_SERVICE_CONTROLLER_CONNECT, permitiendo que usuarios locales provoquen una denegación de servicio (parada del servicio y perdida de conexión VPN) mediante un inicio manual de cvpnd.exe mientras se está ejecutando el servicio cvpnd. • https://www.exploit-db.com/exploits/10190 https://github.com/alt3kx/CVE-2009-4118 http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt http://secunia.com/advisories/37419 http://tools.cisco.com/security/center/viewAlert.x?alertId=19445 http://www.securityfocus.com/bid/37077 http://www.vupen.com/english/advisories/2009/3296 •