CVE-2010-2628
Published: 20 August 2010
The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows.
Notes
| Author | Note |
|---|---|
| kees | this may already be mitigated by FORTIFY_SOURCE |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
strongswan Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Ignored
(end of life)
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Ignored
(end of life)
|
|
| lucid |
Ignored
(end of life)
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Not vulnerable
(4.4.1-5ubuntu1)
|
|
| oneiric |
Not vulnerable
(4.4.1-5ubuntu1)
|
|
| precise |
Not vulnerable
(4.4.1-5ubuntu1)
|
|
| quantal |
Not vulnerable
(4.4.1-5ubuntu1)
|
|
| raring |
Not vulnerable
(4.4.1-5ubuntu1)
|
|
| saucy |
Not vulnerable
(4.4.1-5ubuntu1)
|
|
| upstream |
Released
(4.4.1)
|