Bug 339669 (CVE-2010-3302) - net-misc/openswan: Two Buffer Overflow Vulnerabilities (CVE-2010-{3302,3308})
Summary: net-misc/openswan: Two Buffer Overflow Vulnerabilities (CVE-2010-{3302,3308})
Status: RESOLVED FIXED
Alias: CVE-2010-3302
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.openswan.org/security/CVE-...
Whiteboard: B2 [noglsa]
Keywords:
Duplicates: 350104
Depends on:
Blocks:
Reported: 2010-10-04 03:18 UTC by Tim Sammut (RETIRED)
Modified: 2010-12-31 08:57 UTC
CC List: 2 users

See Also:
Package list:
Runtime testing required: ---
Description Tim Sammut (RETIRED) gentoo-dev 2010-10-04 03:18:00 UTC
From http://secunia.com/advisories/41689/:

<--

Multiple vulnerabilities have been reported in Openswan, which can be exploited by malicious people to compromise a user's system.

1) A boundary error when processing the "cisco_dns_info" and "cisco_domain_info" fields can be exploited to cause a buffer overflow via a specially crafted packet with DNS payload.

2) A boundary error when processing the "cisco_banner" or "server_banner" fields can be exploited to cause a buffer overflow via a string longer than 500 characters.

NOTE: This vulnerability was introduced in version 2.6.26.

3) An input sanitation error when processing the "cisco_dns_info", "cisco_domain_info", "cisco_banner", and "server_banner" fields can be exploited to inject arbitrary shell commands via a specially crafted string.

Successful exploitation of these vulnerabilities may allow execution of arbitrary code but requires tricking a user into connecting to a malicious Cisco compatible gateway using Extended Authentication (XAUTH).

The vulnerabilities are reported in version 2.6.25 through 2.6.28.

<--

CVE-2010-3302 is for 2.6.25; CVE-2010-3308 is for 2.6.26-2.6.28.
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2010-10-04 03:20:41 UTC
Hi, mrness.

Since we do not have any 2.6 ebuilds stabilized, would you like to investigate the impact to 2.4.15? Or should we work to stabilize 2.6.29?

Thanks!
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-10-04 11:15:47 UTC
We need to investigate the impact on 2.4.x because that will determine if we have to write a GLSA! If there never was a vulnerable version stable, we won't have to write one.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2010-11-19 06:18:47 UTC
According to these two pages

http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt
http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt

these issues do not affect openswan 2.4. For openswan 2.6, which is currently ~arch, net-misc/openswan-2.6.29 is fixed and is already in the tree.

Closing noglsa.
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2010-12-31 08:57:22 UTC
*** Bug 350104 has been marked as a duplicate of this bug. ***