Summary: | <net-misc/tinc-1.0.21: "receive_tcppacket()" Buffer Overflow Vulnerability (CVE-2013-1428) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | blueness |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/53108/ | ||
Whiteboard: | ~1 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-04-23 13:51:52 UTC
tinc-1.0.21 is in the tree. There are no stable versions to rapidly stabilize.

(In reply to comment #1)
> tinc-1.0.21 is in the tree. There are no stable versions to rapidly stabilize.

Older exploitable versions off the tree.

CVE-2013-1428 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1428): Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet.

Closing noglsa for ~arch only.
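
The bug class named in the CVE text above, as an added illustration that is not tinc's code or the upstream patch: a peer-announced length copied into a fixed-size packet on the stack, next to a version that rejects oversized input before copying. `pkt_t`, `PKT_MAX`, `deliver` and both function names are hypothetical, and the sample input is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PKT_MAX 1500 /* hypothetical capacity, not tinc's real constant */

/* Hypothetical stand-in for a fixed-size packet kept on the stack. */
typedef struct {
    uint16_t len;
    uint8_t data[PKT_MAX];
} pkt_t;

/* Stand-in for the rest of the packet path: reports the accepted length. */
static int deliver(const pkt_t *p) { return p->len; }

/* Unchecked pattern (shown for contrast, never called here): the length
 * announced by the peer is trusted, so len > PKT_MAX writes past out.data
 * and corrupts the stack frame. */
int recv_tcp_unchecked(const uint8_t *buf, size_t len) {
    pkt_t out;
    out.len = (uint16_t)len;
    memcpy(out.data, buf, len);
    return deliver(&out);
}

/* Hardened pattern: reject anything that does not fit before touching the
 * buffer. Returns the accepted length, or -1 if the packet is dropped. */
int recv_tcp_checked(const uint8_t *buf, size_t len) {
    pkt_t out;
    if (buf == NULL || len == 0 || len > sizeof out.data)
        return -1;
    out.len = (uint16_t)len; /* safe: len <= PKT_MAX fits in 16 bits */
    memcpy(out.data, buf, len);
    return deliver(&out);
}

int main(void) {
    static uint8_t wire[PKT_MAX + 64]; /* constructed sample input, all zero bytes */
    printf("max-size packet: %d\n", recv_tcp_checked(wire, PKT_MAX));
    printf("oversized packet: %d\n", recv_tcp_checked(wire, sizeof wire));
    return 0;
}
```

The bound is taken from `sizeof out.data` rather than a separate constant, so the check cannot drift from the buffer it protects if the struct changes.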