PT-2007-2492 · Cisco+1 · Cisco Security Agent+2

Published: 2007-02-22 · Updated: 2017-07-29 · CVE-2007-1064

CVSS v2.0: 6.8 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
Cisco Secure Services Client (CSSC) versions 4.x
Trust Agent versions 1.x through 2.x
Cisco Security Agent (CSA) versions 5.0 through 5.1
Meetinghouse AEGIS SecureConnect Client (affected versions not specified)

Description: The issue allows local users to gain privileges when the help facility in the supplicant GUI is invoked, due to the failure to drop privileges.

Recommendations:
For CSSC version 4.x, update to a version that drops privileges when the help facility is invoked.
For Trust Agent versions 1.x through 2.x, update to a version that drops privileges when the help facility is invoked.
For CSA versions 5.0 through 5.1, update to a version that drops privileges when the help facility is invoked, ensuring the vulnerable Trust Agent is not deployed.
For Meetinghouse AEGIS SecureConnect Client, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix


Related Identifiers

CVE-2007-1064

Affected Products

Cisco Secure Services Client
Cisco Security Agent
Meetinghouse Aegis Secureconnect Client