| Summary: | <net-misc/tinc-1.0.21: "receive_tcppacket()" Buffer Overflow Vulnerability (CVE-2013-1428) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | CC: | blueness |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://secunia.com/advisories/53108/ | ||
| Whiteboard: | ~1 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
tinc-1.0.21 is in the tree. There are no stable version to rapid stabilize. (In reply to comment #1) > tinc-1.0.21 is in the tree. There are no stable version to rapid stabilize. Older exploitable versions off the tree. CVE-2013-1428 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1428): Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet. Closing noglsa for ~arch only. |
From ${URL} : Description A vulnerability has been reported in tinc, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "receive_tcppacket()" function (src/net_packet.c) when processing TCP packets and can be exploited to cause a stack-based buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 1.0.20. Prior versions may also be affected. Solution Update to version 1.0.21. Provided and/or discovered by The vendor credits Martin Schobert. Original Advisory http://www.tinc-vpn.org/pipermail/tinc/2013-April/003240.html http://www.tinc-vpn.org/news/