CVE-2010-3753
Published: 5 October 2010
programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308.
Priority
Status
Package | Release | Status |
---|---|---|
openswan (Launchpad, Ubuntu, Debian) | dapper | Ignored (end of life) |
openswan | hardy | Not vulnerable |
openswan | jaunty | Ignored (end of life) |
openswan | karmic | Ignored (end of life) |
openswan | lucid | Not vulnerable (1:2.6.23+dfsg-1ubuntu1) |
openswan | maverick | Ignored (end of life) |
openswan | natty | Not vulnerable (1:2.6.28+dfsg-2) |
openswan | oneiric | Not vulnerable (1:2.6.28+dfsg-2) |
openswan | upstream | Released (2.6.29) |
Patches:
upstream: http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch