CVE-2011-3380 – openswan: IKE invalid key length allows remote unauthenticated user to crash openswan
https://notcve.org/view.php?id=CVE-2011-3380
Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function. The attribute is parsed before any peer authentication takes place, so any host that can reach the IKE port can crash pluto; the remedy is the vendor errata referenced below or an upgrade past 2.6.35. • http://secunia.com/advisories/46306 http://www.openswan.org/download/CVE-2011-3380/CVE-2011-3380.txt http://www.redhat.com/support/errata/RHSA-2011-1356.html https://access.redhat.com/security/cve/CVE-2011-3380 https://bugzilla.redhat.com/show_bug.cgi?id=742065 •
CVE-2011-2147
https://notcve.org/view.php?id=CVE-2011-2147
Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a file, as demonstrated by files with 0666 permissions, a different vulnerability than CVE-2011-1784. Because the stop path reads the PID back and signals it, a world-writable PID file lets any local user choose which process is killed; on existing installs check the mode of both files and correct anything writable by "other". • http://lists.debian.org/debian-security/2011/05/msg00012.html http://lists.debian.org/debian-security/2011/05/msg00013.html http://lists.debian.org/debian-security/2011/05/msg00018.html https://exchange.xforce.ibmcloud.com/vulnerabilities/67822 • CWE-264: Permissions, Privileges, and Access Controls •
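As an added example (not openswan's code), the C below puts the 0666 pid-file pattern this advisory describes next to a hardened writer, and adds the permission check an init script should make before signalling the PID it reads back. The /tmp paths, the pid value 4242 and the function names are assumptions made for the example.

```c
/* Added example, not openswan's code. The 0666 pid-file pattern this advisory
 * describes next to a hardened writer, plus the check an init script should make
 * before signalling the pid it reads back. Paths, pid value and names are assumed. */
#define _POSIX_C_SOURCE 200809L
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>

/* 1 if "other" has write permission, 0 if not, -1 if the file cannot be stat'ed. */
int is_world_writable(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (st.st_mode & S_IWOTH) ? 1 : 0;
}

static int write_all(int fd, const char *s, size_t n) {
    while (n > 0) {
        ssize_t w = write(fd, s, n);
        if (w < 0) return -1;
        s += w;
        n -= (size_t)w;
    }
    return 0;
}

/* Vulnerable shape: created 0666 under a cleared umask, so any local user can
 * replace the pid that the stop path will later pass to kill(). */
int write_pidfile_insecure(const char *path, long pid) {
    char buf[32];
    unlink(path);                                   /* example-only cleanup between runs */
    mode_t old = umask(0);                          /* daemons commonly clear their umask */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    umask(old);
    if (fd < 0) return -1;
    int n = snprintf(buf, sizeof buf, "%ld\n", pid);
    int rc = write_all(fd, buf, (size_t)n);
    close(fd);
    return rc;
}

/* Hardened: O_EXCL refuses an existing file or symlink at the path, and the mode
 * is set on the descriptor so the result does not depend on the caller's umask. */
int write_pidfile_secure(const char *path, long pid) {
    char buf[32];
    unlink(path);                                   /* example-only cleanup between runs */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0) return -1;
    if (fchmod(fd, 0644) != 0) { close(fd); return -1; }
    int n = snprintf(buf, sizeof buf, "%ld\n", pid);
    int rc = write_all(fd, buf, (size_t)n);
    close(fd);
    return rc;
}

/* Reader's side: refuse a missing or world-writable file and implausible pids,
 * so a tampered file can never turn into kill(1) or kill(-1). */
long read_pidfile_checked(const char *path) {
    if (is_world_writable(path) != 0) return -1;
    FILE *f = fopen(path, "r");
    if (f == NULL) return -1;
    long pid = -1;
    if (fscanf(f, "%ld", &pid) != 1 || pid <= 1) pid = -1;
    fclose(f);
    return pid;
}
```

The reader-side check matters as much as the writer: a stop script that trusts whatever integer it finds in a world-writable file is the part that turns a permissions slip into "kill arbitrary processes".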
CVE-2010-3302 – openswan: buffer overflow vulnerability in XAUTH client-side support
https://notcve.org/view.php?id=CVE-2010-3302
Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long (1) cisco_dns_info or (2) cisco_domain_info data in a packet. The oversized values arrive in the ModeCfg reply from the gateway, so the exposure is that of a client connecting to a malicious, compromised or impersonated VPN server; the openswan-2.6.25-CVE-2010-3302.patch linked below is the upstream fix. • http://lists.fedoraproject.org/pipermail/package-announce/2010-October/048999.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049053.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049073.html http://secunia.com/advisories/41769 http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-3308 – Openswan cisco banner option handling vulnerability
https://notcve.org/view.php?id=CVE-2010-3308
Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via a long cisco_banner (aka server_banner) field. This is the same client-side ModeCfg handling as CVE-2010-3302 with a third unbounded string; the combined openswan-2.6.26-2.6.28-CVE-2010-330x.patch linked below covers the affected releases. • http://lists.fedoraproject.org/pipermail/package-announce/2010-October/048999.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049053.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049073.html http://secunia.com/advisories/41769 http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch http://www.redhat.com/support/errata/RHSA-2010-0892.htm • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
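The three pluto bugs above (CVE-2011-3380 on the KEY_LENGTH transform attribute, CVE-2010-3302 and CVE-2010-3308 on the ModeCfg strings) all start from the same RFC 2408 section 3.3 TV/TLV attribute encoding, so one added example covers them. It is illustrative C written for this page, not openswan's xauth.c or its SA parser. A single attribute walker feeds two consumers: KEY_LENGTH (attribute 14) is checked against the cipher's key-size table before the lookup result is touched, so an invalid value is refused instead of becoming a NULL pointer that is dereferenced; banner and default-domain strings are copied into fixed fields only when they fit. Assumed for the example: the Cisco Unity attribute numbers (28672 banner, 28674 default domain), the struct layouts, the 128-bit default, the error codes, and the constructed sample bytes.

```c
/* Added example, not openswan's code. One RFC 2408 s.3.3 attribute walker (AF bit
 * set: 2-byte value in place; AF clear: 16-bit length then bytes) feeds two
 * consumers: KEY_LENGTH validated before any cipher descriptor is used, and
 * ModeCfg strings copied with an explicit bound. KEY_LENGTH = 14 is the registered
 * number; Unity numbers, struct layouts, defaults and error codes are assumed here. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ATTR_AF_TV       0x8000
#define ATTR_KEY_LENGTH  14
#define UNITY_BANNER     28672   /* assumed Cisco Unity vendor attribute numbers */
#define UNITY_DEF_DOMAIN 28674
enum { OK = 0, ERR_TRUNCATED = -1, ERR_BAD_KEYLEN = -2, ERR_TOO_LONG = -3 };
typedef int (*attr_cb)(uint16_t type, const uint8_t *v, size_t n, int is_tv, void *ctx);

/* Walk a data-attribute list; stop at the first malformed entry or callback error. */
static int walk_attributes(const uint8_t *buf, size_t len, attr_cb cb, void *ctx) {
    size_t off = 0;
    while (off + 4 <= len) {
        uint16_t type = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        uint16_t lv   = (uint16_t)((buf[off + 2] << 8) | buf[off + 3]);
        int rc;
        off += 4;
        if (type & ATTR_AF_TV) {
            rc = cb(type & 0x7fff, buf + off - 2, 2, 1, ctx);   /* the lv field is the value */
        } else {
            if (lv > len - off) return ERR_TRUNCATED;          /* length runs past the payload */
            rc = cb(type, buf + off, lv, 0, ctx);
            off += lv;
        }
        if (rc != OK) return rc;
    }
    return off == len ? OK : ERR_TRUNCATED;
}

/* Consumer 1: KEY_LENGTH. The lookup returns NULL for a size the cipher does not
 * have; the caller must test for that rather than dereference it. */
struct cipher_info { const char *name; int keylens[4]; };
static const struct cipher_info aes_cbc = { "AES-CBC", { 128, 192, 256, 0 } };
static const struct cipher_info *lookup_keylen(const struct cipher_info *c, int bits) {
    for (int i = 0; c->keylens[i]; i++) if (c->keylens[i] == bits) return c;
    return NULL;
}
static int keylen_cb(uint16_t type, const uint8_t *v, size_t n, int is_tv, void *ctx) {
    (void)is_tv;
    if (type != ATTR_KEY_LENGTH) return OK;
    if (n != 2) return ERR_BAD_KEYLEN;               /* a TLV key length is still 16 bits */
    *(int *)ctx = (v[0] << 8) | v[1];
    return OK;
}
int accept_aes_transform(const uint8_t *buf, size_t len, const char **name) {
    int bits = 128;                                  /* assumed default when absent */
    int rc = walk_attributes(buf, len, keylen_cb, &bits);
    if (rc != OK) return rc;
    const struct cipher_info *ci = lookup_keylen(&aes_cbc, bits);
    if (ci == NULL) return ERR_BAD_KEYLEN;           /* the check whose absence is a NULL deref */
    *name = ci->name;
    return OK;
}

/* Consumer 2: ModeCfg strings land in fixed fields only if they fit. */
struct cisco_cfg { char banner[256]; char domain[64]; };
static int copy_attr_string(char *dst, size_t dstsz, const uint8_t *v, size_t n) {
    if (n >= dstsz || memchr(v, '\0', n) != NULL) return ERR_TOO_LONG;
    memcpy(dst, v, n);
    dst[n] = '\0';
    return OK;
}
static int modecfg_cb(uint16_t type, const uint8_t *v, size_t n, int is_tv, void *ctx) {
    struct cisco_cfg *c = ctx;
    if (is_tv) return OK;                            /* string attributes are always TLV */
    if (type == UNITY_BANNER)     return copy_attr_string(c->banner, sizeof c->banner, v, n);
    if (type == UNITY_DEF_DOMAIN) return copy_attr_string(c->domain, sizeof c->domain, v, n);
    return OK;                                       /* unknown attributes are skipped */
}
int parse_modecfg_reply(const uint8_t *buf, size_t len, struct cisco_cfg *out) {
    memset(out, 0, sizeof *out);
    return walk_attributes(buf, len, modecfg_cb, out);
}

/* Sender side, used to build the constructed inputs below; 0 if it does not fit. */
size_t encode_tlv(uint8_t *out, size_t cap, uint16_t type, const void *val, size_t n) {
    if (n > 0xffff || cap < 4 + n) return 0;
    out[0] = type >> 8; out[1] = type & 0xff; out[2] = n >> 8; out[3] = n & 0xff;
    memcpy(out + 4, val, n);
    return 4 + n;
}
const uint8_t sample_keylen_128[] = { 0x80, 0x0e, 0x00, 0x80 };  /* TV KEY_LENGTH = 128 */
const uint8_t sample_keylen_7[]   = { 0x80, 0x0e, 0x00, 0x07 };  /* TV KEY_LENGTH = 7: no such AES */
const uint8_t sample_truncated[]  = { 0x00, 0x0e, 0x00, 0x10 };  /* TLV claims 16 bytes, carries 0 */
const char *demo_banner(void) {                      /* 7-byte banner into a 256-byte field */
    static struct cisco_cfg cfg;
    uint8_t pkt[64];
    size_t n = encode_tlv(pkt, sizeof pkt, UNITY_BANNER, "Welcome", 7);
    return parse_modecfg_reply(pkt, n, &cfg) == OK ? cfg.banner : NULL;
}
int demo_oversize_domain(void) {                     /* 100 bytes into a 64-byte field */
    struct cisco_cfg cfg;
    uint8_t pkt[128]; char big[100];
    memset(big, 'a', sizeof big);
    size_t n = encode_tlv(pkt, sizeof pkt, UNITY_DEF_DOMAIN, big, sizeof big);
    return parse_modecfg_reply(pkt, n, &cfg);
}
```

Two design points carry over to real code: the walker bounds every TLV length against the remaining payload before the callback sees it, and each consumer rejects rather than clamps, because a silently truncated banner or a defaulted key length hides a peer that is already sending malformed data.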
CVE-2010-3752 – Openswan: Gateway arbitrary code execution via shell metacharacters in cisco_dns_info or cisco_domain_info data in packet
https://notcve.org/view.php?id=CVE-2010-3752
programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302. This is the command-injection counterpart of that overflow: the same two gateway-supplied strings reach a shell unquoted, so a length check alone does not close it; the content has to be validated, or kept away from a shell entirely. • http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch http://www.redhat.com/support/errata/RHSA-2010-0892.html http://www.securityfocus.com/bid/43588 http://www.securitytracker.com/id?1024749 http://www.vupen.com/english/advisories/2010/2526 https://access.redhat.com/security/cve/C • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
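An added example, not openswan's code, of the two changes that close this class of bug: cisco_dns_info and cisco_domain_info are allow-listed against what they can legitimately contain (dotted IPv4 addresses, hostname labels) and then handed to the helper through its environment with execve, so no shell ever parses them. The PLUTO_CISCO_* variable names, the script path and the sample values are assumptions made for the example.

```c
/* Added example, not openswan's code. Gateway-supplied cisco_dns_info and
 * cisco_domain_info are allow-listed against what they can legitimately contain
 * and then handed to the helper through its environment via execve, so no shell
 * ever parses them. The PLUTO_CISCO_* names, script path and samples are assumed. */
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* One or more dotted IPv4 addresses separated by single spaces, nothing else. */
int is_valid_ipv4_list(const char *s) {
    char tok[16];
    struct in_addr a;
    if (s == NULL || *s == '\0') return 0;
    while (*s) {
        size_t n = strcspn(s, " ");
        if (n == 0 || n >= sizeof tok) return 0;
        memcpy(tok, s, n);
        tok[n] = '\0';
        if (inet_pton(AF_INET, tok, &a) != 1) return 0;   /* "$(id)" and "1.2.3.4;id" fail here */
        s += n;
        if (*s == '\0') break;
        s++;                                               /* skip the single space */
        if (*s == '\0') return 0;                          /* trailing separator */
    }
    return 1;
}

/* Dot-separated labels of [A-Za-z0-9-], no leading/trailing '-', 1..63 chars, 253 total. */
int is_valid_domain(const char *s) {
    size_t total = s ? strlen(s) : 0, label = 0;
    if (total == 0 || total > 253) return 0;
    for (const char *p = s;; p++) {
        if (*p == '.' || *p == '\0') {
            if (label == 0 || label > 63 || p[-1] == '-') return 0;
            if (*p == '\0') return 1;
            label = 0;
        } else if (isalnum((unsigned char)*p) || (*p == '-' && label > 0)) {
            label++;
        } else {
            return 0;                                       /* ';', '`', '$', '|', ' ', ... */
        }
    }
}

/* Vulnerable shape, kept only as a comment:
 *   snprintf(cmd, sizeof cmd, "updown dns='%s' domain='%s'", dns, domain); system(cmd);
 * A domain such as  example.com'; id; '  closes the quote and runs id. */

/* Hardened: validated values go in the environment and the helper is execve'd
 * directly. Returns the helper's exit status, -1 on rejected input or failure. */
int run_updown(const char *script, const char *dns, const char *domain) {
    if (!is_valid_ipv4_list(dns) || !is_valid_domain(domain)) return -1;
    char env_dns[320], env_dom[320];
    if (snprintf(env_dns, sizeof env_dns, "PLUTO_CISCO_DNS_INFO=%s", dns) >= (int)sizeof env_dns)
        return -1;                                          /* assumed variable names */
    if (snprintf(env_dom, sizeof env_dom, "PLUTO_CISCO_DOMAIN_INFO=%s", domain) >= (int)sizeof env_dom)
        return -1;
    char *const argv[] = { (char *)script, NULL };
    char *const envp[] = { env_dns, env_dom, NULL };
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve(script, argv, envp);
        _exit(127);                                         /* exec failed: no shell fallback */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Quoting alone is fragile once a shell is in the path; the allow-list plus execve leaves nothing for metacharacters to act on, and a helper that genuinely needs a shell can read the values from its environment without re-interpolating them into a command line.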