Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 466904 (CVE-2013-1428) - <net-misc/tinc-1.0.21: "receive_tcppacket()" Buffer Overflow Vulnerability (CVE-2013-1428)
Summary: <net-misc/tinc-1.0.21: "receive_tcppacket()" Buffer Overflow Vulnerability (C...
Alias: CVE-2013-1428
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~1 [noglsa]
Depends on:
Reported: 2013-04-23 13:51 UTC by Agostino Sarubbo
Modified: 2013-05-09 17:20 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-04-23 13:51:52 UTC
From ${URL} :

A vulnerability has been reported in tinc, which can be exploited by malicious users to compromise 
a vulnerable system.

The vulnerability is caused due to a boundary error within the "receive_tcppacket()" function 
(src/net_packet.c) when processing TCP packets and can be exploited to cause a stack-based buffer 

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 1.0.20. Prior versions may also be affected.

Update to version 1.0.21.

Provided and/or discovered by
The vendor credits Martin Schobert.

Original Advisory
Comment 1 Anthony Basile gentoo-dev 2013-04-23 14:30:02 UTC
tinc-1.0.21 is in the tree.  There are no stable version to rapid stabilize.
Comment 2 Anthony Basile gentoo-dev 2013-04-24 11:21:30 UTC
(In reply to comment #1)
> tinc-1.0.21 is in the tree.  There are no stable version to rapid stabilize.

Older exploitable versions off the tree.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2013-05-09 11:56:14 UTC
CVE-2013-1428 (
  Stack-based buffer overflow in the receive_tcppacket function in
  net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote
  authenticated peers to cause a denial of service (crash) or possibly execute
  arbitrary code via a large TCP packet.
Comment 4 Sean Amoss (RETIRED) gentoo-dev Security 2013-05-09 17:20:02 UTC
Closing noglsa for ~arch only.