
Bug 339669 (CVE-2010-3302)

Summary: net-misc/openswan: Two Buffer Overflow Vulnerabilities (CVE-2010-{3302,3308})
Product: Gentoo Security
Reporter: Tim Sammut (RETIRED) <underling>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: mmokrejs, mrness
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.openswan.org/security/CVE-2010-3302.php
Whiteboard: B2 [noglsa]
Package list:
Runtime testing required: ---

Description Tim Sammut (RETIRED) gentoo-dev 2010-10-04 03:18:00 UTC
From http://secunia.com/advisories/41689/:

<--

Multiple vulnerabilities have been reported in Openswan, which can be exploited by malicious people to compromise a user's system.

1) A boundary error when processing the "cisco_dns_info" and "cisco_domain_info" fields can be exploited to cause a buffer overflow via a specially crafted packet with DNS payload.

2) A boundary error when processing the "cisco_banner" or "server_banner" fields can be exploited to cause a buffer overflow via a string longer than 500 characters.

NOTE: This vulnerability was introduced in version 2.6.26.

3) An input sanitation error when processing the "cisco_dns_info", "cisco_domain_info", "cisco_banner", and "server_banner" fields can be exploited to inject arbitrary shell commands via a specially crafted string.

Successful exploitation of these vulnerabilities may allow execution of arbitrary code but requires tricking a user into connecting to a malicious Cisco compatible gateway using Extended Authentication (XAUTH).

The vulnerabilities are reported in version 2.6.25 through 2.6.28.

<--

CVE-2010-3302 is for 2.6.25; CVE-2010-3308 is for 2.6.26-2.6.28.
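Added illustration, not openswan's code and not the fix that shipped in 2.6.29: the advisory above describes two defect classes in handling the XAUTH/ModeCfg banner and DNS attributes, a copy of an attacker-supplied attribute into a fixed buffer without a length check, and passing that text unfiltered toward a shell. Both are avoided by validating the attribute's declared length and contents before any copy. The 500-character bound is taken from the advisory; the function names, the status codes and the character allowlist are assumptions made for this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Upper bound on accepted banner text; the advisory cites overflows
   triggered by strings longer than 500 characters (assumed limit). */
#define BANNER_MAX 500

enum banner_status {
    BANNER_OK = 0,
    BANNER_TOO_LONG = 1,    /* declared length exceeds the limit or the destination */
    BANNER_UNSAFE_CHAR = 2, /* contains a byte we will not hand to a shell environment */
    BANNER_BAD_ARG = 3
};

/* Conservative allowlist (assumed): letters, digits and a few punctuation
   characters. Everything a shell treats specially (; | & $ ` quotes,
   newlines, control bytes) is rejected rather than escaped. */
static bool banner_char_ok(unsigned char c)
{
    if (isalnum(c))
        return true;
    switch (c) {
    case ' ': case '.': case ',': case '-': case '_': case ':': case '/': case '@':
        return true;
    default:
        return false;
    }
}

/* Copy a length-delimited attribute payload (not NUL-terminated, as an IKE
   attribute value arrives on the wire) into a fixed-size C string.
   `len` comes from the attacker-controlled attribute header, so it is
   checked against both the policy limit and the real buffer size before
   a single byte is copied. */
enum banner_status copy_banner_attr(const uint8_t *payload, size_t len,
                                    char *out, size_t outsz)
{
    if (payload == NULL || out == NULL || outsz == 0)
        return BANNER_BAD_ARG;
    if (len > BANNER_MAX || len + 1 > outsz)
        return BANNER_TOO_LONG;
    for (size_t i = 0; i < len; i++) {
        if (payload[i] == '\0' || !banner_char_ok(payload[i]))
            return BANNER_UNSAFE_CHAR;
    }
    memcpy(out, payload, len);
    out[len] = '\0';
    return BANNER_OK;
}

int main(void)
{
    /* Constructed sample attribute values, not captured traffic. */
    const uint8_t good[] = "Welcome to the corporate VPN";
    const uint8_t meta[] = "hello; echo injected";
    uint8_t oversized[BANNER_MAX + 100];
    char buf[BANNER_MAX + 1];

    memset(oversized, 'A', sizeof oversized);
    printf("good:      %d\n", copy_banner_attr(good, sizeof good - 1, buf, sizeof buf));
    printf("metachar:  %d\n", copy_banner_attr(meta, sizeof meta - 1, buf, sizeof buf));
    printf("oversized: %d\n", copy_banner_attr(oversized, sizeof oversized, buf, sizeof buf));
    return 0;
}
```

The important design point is that the length and content checks happen before the copy, against the destination's real size rather than a constant that may drift from it, and that rejected input is dropped rather than repaired: a banner or DNS name that fails validation is not worth the risk of handing it to an updown script.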
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2010-10-04 03:20:41 UTC
Hi, mrness.

Since we do not have any 2.6 ebuilds stabilized, would you like to investigate the impact to 2.4.15? Or should we work to stabilize 2.6.29?

Thanks!
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-10-04 11:15:47 UTC
We need to investigate the impact on 2.4.x because that will determine if we have to write a GLSA! If there never was a vulnerable version stable, we won't have to write one.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2010-11-19 06:18:47 UTC
According to these two pages

http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt
http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt

these issues do not affect openswan 2.4. For openswan 2.6, which is currently ~arch, net-misc/openswan-2.6.29 is fixed and is already in the tree.

Closing noglsa.
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2010-12-31 08:57:22 UTC
*** Bug 350104 has been marked as a duplicate of this bug. ***