The US Computer Emergency Readiness Team (US-CERT) yesterday disclosed a vulnerability in SSL VPN products that can compromise data and systems for users and their employers. SSL VPNs are used for remote access to email and other private data on company, government and not-for-profit networks.
If the use of VPN tunneling can compromise confidential data or allow malware to be injected into database systems, then this could be very serious.
Vulnerability Note VU#261869: Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or conduct other web-based attacks.