Release date:
Updated on: 2010-09-30
Affected Systems:
Openswan 2.6.x
Unaffected Systems:
Openswan 2.6.29
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 43588
CVE ID: CVE-2010-3302, CVE-2010-3308
Openswan is an IPsec implementation for Linux based on the FreeS/WAN project.
Openswan's XAUTH Cisco processing code contains multiple security vulnerabilities that can be triggered when Openswan connects to a malicious gateway. cisco_dns_info and cisco_domain_info are declared as fixed-length buffers; if enough DNS payload is sent in a single message, a buffer overflow occurs. In addition, the contents of these fields are copied to fmt_common_shell_out() without being filtered, so malicious characters in them may inject commands.
<* Source: D. Hugh Redelmeier (hugh@mimosa.com)
Paul Wouters (paul@xelerance.com)
Link: http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt
http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt
*>
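A defensive pattern for the two flaws described above, as an added example (not Openswan's code and not the vendor patch): each gateway-supplied value is appended to a fixed-length buffer only if it fits and contains no characters outside a conservative allow-list. The names append_entry, is_safe_value and the size DNS_INFO_LEN are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical size; the advisory does not state the real buffer length. */
#define DNS_INFO_LEN 64

/* Allow-list check: alphanumerics plus '.', '-' and ':' cover IPv4/IPv6
 * addresses and DNS names. Anything else (quotes, ';', '$', backticks,
 * whitespace) is rejected before the value can reach a shell. */
static int is_safe_value(const char *s)
{
    if (*s == '\0')
        return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && *s != '.' && *s != '-' && *s != ':')
            return 0;
    return 1;
}

/* Append one peer-supplied entry to a space-separated, NUL-terminated list
 * held in a fixed-length buffer. Returns 0 on success, -1 if the entry has
 * unsafe characters or would not fit; buf is unchanged on rejection. */
int append_entry(char *buf, size_t buflen, const char *entry)
{
    size_t used = strlen(buf);
    size_t len = strlen(entry);
    size_t need = len + (used ? 1 : 0);      /* separator if not first */

    if (!is_safe_value(entry))
        return -1;
    if (used >= buflen || need >= buflen - used)  /* keep room for NUL */
        return -1;
    if (used)
        buf[used++] = ' ';
    memcpy(buf + used, entry, len + 1);
    return 0;
}

int main(void)
{
    /* Constructed sample values standing in for gateway-supplied fields. */
    const char *samples[] = { "192.0.2.53", "2001:db8::53", "bad;value" };
    char dns_info[DNS_INFO_LEN] = "";
    for (size_t i = 0; i < 3; i++)
        printf("%-14s -> %d\n", samples[i],
               append_entry(dns_info, sizeof dns_info, samples[i]));
    printf("result: \"%s\"\n", dns_info);
    return 0;
}
```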
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Openswan
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.openswan.org/download/openswan-2.6.29.tar.gz
http://www.openswan.org/download/openswan-2.6.29.tar.gz.asc