Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long (1) cisco_dns_info or (2) cisco_domain_info data in a packet.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:18
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://lists.fedoraproject.org/pipermail/package-announce/2010-October/048999.html - | |
| References | () http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049053.html - | |
| References | () http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049073.html - | |
| References | () http://secunia.com/advisories/41769 - | |
| References | () http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt - Vendor Advisory | |
| References | () http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch - Patch | |
| References | () http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch - Patch | |
| References | () http://www.redhat.com/support/errata/RHSA-2010-0892.html - | |
| References | () http://www.securityfocus.com/bid/43588 - | |
| References | () http://www.securitytracker.com/id?1024749 - | |
| References | () http://www.vupen.com/english/advisories/2010/2526 - Vendor Advisory |
Information
Published : 2010-10-05 22:00
Updated : 2025-04-11 00:51
NVD link : CVE-2010-3302
Mitre link : CVE-2010-3302
CVE.ORG link : CVE-2010-3302
JSON object : View
Products Affected
xelerance
- openswan
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer