CVE-2018-16758
https://notcve.org/view.php?id=CVE-2018-16758
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. • http://tinc-vpn.org/security http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=e97943b7cc9c851ae36f5a41e2b6102faa74193f https://www.debian.org/security/2018/dsa-4312 https://www.starwindsoftware.com/security/sw-20190227-0003 • CWE-306: Missing Authentication for Critical Function •
CVE-2018-16737
https://notcve.org/view.php?id=CVE-2018-16737
tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. • http://tinc-vpn.org/security http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a https://www.starwindsoftware.com/security/sw-20190227-0001 • CWE-287: Improper Authentication •
CVE-2013-1428 – Tincd - (Authenticated) Remote TCP Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-1428
Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet. • https://www.exploit-db.com/exploits/35441 http://freecode.com/projects/tinc/releases/354122 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105531.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105559.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106167.html http://osvdb.org/92653 http://secunia.com/advisories/53087 http://secunia.com/advisories/53108 http://www.debian.org/security/2013/dsa-2663 http://www.securityfo • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2002-1755
https://notcve.org/view.php?id=CVE-2002-1755
tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC. • http://www.securityfocus.com/archive/1/249142 https://exchange.xforce.ibmcloud.com/vulnerabilities/7868 •
CVE-2001-1505
https://notcve.org/view.php?id=CVE-2001-1505
tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets. • http://www.securityfocus.com/archive/1/249142 http://www.securityfocus.com/bid/3837 https://exchange.xforce.ibmcloud.com/vulnerabilities/7870 •