Bug 385815 (CVE-2011-3380) - net-misc/openswan multiple vulnerabilities (CVE-2010-{3302,3308,3752,3753},CVE-2011-3380)
Summary: net-misc/openswan multiple vulnerabilities (CVE-2010-{3302,3308,3752,3753},CVE...
Status: RESOLVED FIXED
Alias: CVE-2011-3380
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: ~3 [noglsa]
Reported: 2011-10-05 22:38 UTC by daavelino
Modified: 2011-11-18 06:18 UTC

Description daavelino 2011-10-05 22:38:56 UTC
openswan-2.6.29 is affected. It is masked, but please check if ours are too.
openswan-2.6.36 seems to be OK. Could someone test and give us feedback?
Comment 1 Agostino Sarubbo gentoo-dev 2011-10-06 15:11:50 UTC
(In reply to comment #0)
> openswan-2.6.29 is affected. It is masked, but please check if ours are too.
> openswan-2.6.36 seems to be OK. Could someone test and give us feedback?

Not masked, simply ~testing.

Please bump 2.6.36
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 00:53:57 UTC
CVE-2010-3753 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3753):
  programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28
  allows remote authenticated gateways to execute arbitrary commands via shell
  metacharacters in the cisco_banner (aka server_banner) field, a different
  vulnerability than CVE-2010-3308.

CVE-2010-3752 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3752):
  programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28
  allows remote authenticated gateways to execute arbitrary commands via shell
  metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a
  packet, a different vulnerability than CVE-2010-3302.

CVE-2010-3308 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3308):
  Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26
  through 2.6.28 might allow remote authenticated gateways to execute
  arbitrary code or cause a denial of service via a long cisco_banner (aka
  server_banner) field.

CVE-2010-3302 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3302):
  Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25
  through 2.6.28 might allow remote authenticated gateways to execute
  arbitrary code or cause a denial of service via long (1) cisco_dns_info or
  (2) cisco_domain_info data in a packet.
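
The four CVE-2010 entries above describe two bug classes on the same gateway-supplied fields: an unbounded copy and shell metacharacters reaching a shell. The following is an added example, not Openswan code and not part of the original bug report, showing one defensive pattern that covers both. The function name `store_attr`, the buffer size and the allow-list (chosen for DNS and domain values) are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Allow-list for a peer-supplied value: alphanumerics plus a few
 * punctuation bytes that have no special meaning to a POSIX shell.
 * Everything else (including whitespace and NUL) is rejected. */
static int is_allowed(unsigned char c)
{
    if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
        (c >= '0' && c <= '9'))
        return 1;
    return c != '\0' && strchr(".,:_-@/", c) != NULL;
}

/* Hypothetical helper: copy a length-delimited attribute payload (not
 * NUL-terminated on the wire) into a fixed buffer. Returns 0 on success,
 * -1 if it does not fit or contains a disallowed byte. On failure dst is
 * left as an empty string, never a truncated value. */
int store_attr(char *dst, size_t dstlen,
               const unsigned char *src, size_t srclen)
{
    size_t i;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL || srclen >= dstlen)   /* keep room for the NUL */
        return -1;
    for (i = 0; i < srclen; i++) {
        if (!is_allowed(src[i])) {
            dst[0] = '\0';
            return -1;
        }
        dst[i] = (char)src[i];
    }
    dst[srclen] = '\0';
    return 0;
}

int main(void)
{
    char buf[16];
    /* Constructed sample values, not captured traffic. */
    const char *samples[] = { "10.0.0.53", "corp.example;x", "aaaaaaaaaaaaaaaa" };
    for (size_t i = 0; i < 3; i++)
        printf("%-18s -> %d\n", samples[i], store_attr(buf, sizeof buf,
               (const unsigned char *)samples[i], strlen(samples[i])));
    return 0;
}
```

Rejecting an over-long or disallowed value outright, rather than truncating or escaping it, keeps the stored string safe even if a later code path passes it to a script unquoted.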
Comment 3 Agostino Sarubbo gentoo-dev 2011-11-08 20:40:23 UTC
2.6.37 in tree, close as noglsa.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2011-11-18 06:18:42 UTC
CVE-2011-3380 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3380):
  Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of
  service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP
  message with an invalid KEY_LENGTH attribute, which is not properly handled
  by the error handling function.