Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 339669 (CVE-2010-3302) - net-misc/openswan: Two Buffer Overflow Vulnerabilities (CVE-2010-{3302,3308})
Summary: net-misc/openswan: Two Buffer Overflow Vulnerabilities (CVE-2010-{3302,3308})
Alias: CVE-2010-3302
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [noglsa]
: 350104 (view as bug list)
Depends on:
Reported: 2010-10-04 03:18 UTC by Tim Sammut (RETIRED)
Modified: 2010-12-31 08:57 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Tim Sammut (RETIRED) gentoo-dev 2010-10-04 03:18:00 UTC


Multiple vulnerabilities have been reported in Openswan, which can be exploited by malicious people to compromise a user's system.

1) A boundary error when processing the "cisco_dns_info" and "cisco_domain_info" fields can be exploited to cause a buffer overflow via a specially crafted packet with DNS payload.

2) A boundary error when processing the "cisco_banner" or "server_banner" fields can be exploited to cause a buffer overflow via a string longer than 500 characters.

NOTE: This vulnerability was introduced in version 2.6.26.

3) An input sanitation error when processing the "cisco_dns_info", "cisco_domain_info", "cisco_banner", and "server_banner" fields can be exploited to inject arbitrary shell commands via a specially crafted string.

Successful exploitation of these vulnerabilities may allow execution of arbitrary code but requires tricking a user into connecting to a malicious Cisco compatible gateway using Extended Authentication (XAUTH).

The vulnerabilities are reported in version 2.6.25 through 2.6.28.


CVE-2010-3302 is for 2.6.25; CVE-2010-3308 is for 2.6.26-2.6.28.
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2010-10-04 03:20:41 UTC
Hi, mrness.

Since we do not have any 2.6 ebuilds stabilized, would you like to investigate the impact to 2.4.15? Or should we work to stabilize 2.6.29?

Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-10-04 11:15:47 UTC
We need to investigate the impact on 2.4.x because that will determine if we have to write a GLSA! If there never was a vulnerable version stable, we won't have to write one.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2010-11-19 06:18:47 UTC
According to these two pages

these issues do not affect openswan 2.4. For openswan 2.6 which is currently ~arch, net-misc/openswan-2.6.29 is fixed and is already in the tree.

Closing noglsa.
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2010-12-31 08:57:22 UTC
*** Bug 350104 has been marked as a duplicate of this bug. ***