CVE-2010-3302
Published: 5 October 2010
Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long (1) cisco_dns_info or (2) cisco_domain_info data in a packet.
Notes
Author | Note |
---|---|
mdeslaur | introduced in 2.6.25 |
Priority
Status
Package | Release | Status |
---|---|---|
openswan | dapper | Ignored (end of life) |
openswan | hardy | Not vulnerable |
openswan | jaunty | Ignored (end of life) |
openswan | karmic | Ignored (end of life) |
openswan | lucid | Not vulnerable (1:2.6.23+dfsg-1ubuntu1) |
openswan | maverick | Ignored (end of life) |
openswan | natty | Not vulnerable (1:2.6.28+dfsg-2) |
openswan | oneiric | Not vulnerable (1:2.6.28+dfsg-2) |
openswan | upstream | Released (2.6.29) |
Patches:
upstream: http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch
upstream: http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch