CVE-2010-3752

Sažetak

programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302.

Reference

http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt
http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch
http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch
http://www.redhat.com/support/errata/RHSA-2010-0892.html
http://www.securityfocus.com/bid/43588
http://www.securitytracker.com/id?1024749
http://www.vupen.com/english/advisories/2010/2526

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-07-2019 - 13:26

Objavljeno

05-10-2010 - 22:00