CVE-2010-3752
Published: 5 October 2010
programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302.
Priority
Status
Package | Release | Status |
---|---|---|
openswan Launchpad, Ubuntu, Debian | dapper | Ignored (end of life) |
openswan | hardy | Not vulnerable |
openswan | jaunty | Ignored (end of life) |
openswan | karmic | Ignored (end of life) |
openswan | lucid | Not vulnerable (1:2.6.23+dfsg-1ubuntu1) |
openswan | maverick | Ignored (end of life) |
openswan | natty | Not vulnerable (1:2.6.28+dfsg-2) |
openswan | oneiric | Not vulnerable (1:2.6.28+dfsg-2) |
openswan | upstream | Released (2.6.29) |

Patches:
- upstream: http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch
- upstream: http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch