CVE-2018-16758
https://notcve.org/view.php?id=CVE-2018-16758
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. • http://tinc-vpn.org/security http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=e97943b7cc9c851ae36f5a41e2b6102faa74193f https://www.debian.org/security/2018/dsa-4312 https://www.starwindsoftware.com/security/sw-20190227-0003 • CWE-306: Missing Authentication for Critical Function
CVE-2018-16738
https://notcve.org/view.php?id=CVE-2018-16738
tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1. • http://tinc-vpn.org/security http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a https://www.debian.org/security/2018/dsa-4312 https://www.starwindsoftware.com/security/sw-20190227-0002 • CWE-287: Improper Authentication
CVE-2018-16737
https://notcve.org/view.php?id=CVE-2018-16737
tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. • http://tinc-vpn.org/security http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a https://www.starwindsoftware.com/security/sw-20190227-0001 • CWE-287: Improper Authentication
CVE-2013-1428 – Tincd - (Authenticated) Remote TCP Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-1428
Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet. • https://www.exploit-db.com/exploits/35441 http://freecode.com/projects/tinc/releases/354122 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105531.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105559.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106167.html http://osvdb.org/92653 http://secunia.com/advisories/53087 http://secunia.com/advisories/53108 http://www.debian.org/security/2013/dsa-2663 http://www.securityfo • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer