CVE-2011-4073 – openswan: use-after-free vulnerability leads to DoS
https://notcve.org/view.php?id=CVE-2011-4073
Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.
• http://secunia.com/advisories/46678
• http://secunia.com/advisories/46681
• http://secunia.com/advisories/47342
• http://www.debian.org/security/2011/dsa-2374
• http://www.openswan.org/download/CVE-2011-4073/CVE-2011-4073.txt
• http://www.redhat.com/support/errata/RHSA-2011-1422.html
• http://www.securityfocus.com/bid/50440
• http://www.securitytracker.com/id?1026268
• https://access.redhat.com/security/cve/CVE-2011-4073
• https://bugzilla.redhat.com/show_bug.cgi?id=748961
• CWE-399: Resource Management Errors
• CWE-416: Use After Free
CVE-2011-3380 – openswan: IKE invalid key length allows remote unauthenticated user to crash openswan
https://notcve.org/view.php?id=CVE-2011-3380
Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function.
• http://secunia.com/advisories/46306
• http://www.openswan.org/download/CVE-2011-3380/CVE-2011-3380.txt
• http://www.redhat.com/support/errata/RHSA-2011-1356.html
• https://access.redhat.com/security/cve/CVE-2011-3380
• https://bugzilla.redhat.com/show_bug.cgi?id=742065
CVE-2010-3302 – openswan: buffer overflow vulnerability in XAUTH client-side support
https://notcve.org/view.php?id=CVE-2010-3302
Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long (1) cisco_dns_info or (2) cisco_domain_info data in a packet.
• http://lists.fedoraproject.org/pipermail/package-announce/2010-October/048999.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049053.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049073.html
• http://secunia.com/advisories/41769
• http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt
• http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch
• http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3752 – Openswan: Gateway arbitrary code execution via shell metacharacters in cisco_dns_info or cisco_domain_info data in packet
https://notcve.org/view.php?id=CVE-2010-3752
programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302.
• http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt
• http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch
• http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch
• http://www.redhat.com/support/errata/RHSA-2010-0892.html
• http://www.securityfocus.com/bid/43588
• http://www.securitytracker.com/id?1024749
• http://www.vupen.com/english/advisories/2010/2526
• https://access.redhat.com/security/cve/C
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2010-3753 – Openswan: Gateway arbitrary execution via shell metacharacters in the cisco_banner
https://notcve.org/view.php?id=CVE-2010-3753
programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308.
• http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt
• http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch
• http://www.redhat.com/support/errata/RHSA-2010-0892.html
• http://www.securityfocus.com/bid/43588
• http://www.securitytracker.com/id?1024749
• http://www.vupen.com/english/advisories/2010/2526
• https://access.redhat.com/security/cve/CVE-2010-3753
• https://bugzilla.redhat.com/show_bug.cgi?id=640715
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')