Bug#292458: CVE Id
Hi Joey,

On Friday 28 January 2005 07:28, Martin Schulze wrote:
> Stack-based buffer overflow in the get_internal_addresses function in
> the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x
> before 2.3.0, when compiled XAUTH and PAM enabled, allows remote
> authenticated attackers to execute arbitrary code.

I still think that the bug is present in 2.3.0 too. At least I applied the
patch also to this release - which has the same (flawed) definition of the
src variable.

> Please mention this id in the changelog (could be done with the next
> upload if you've already uploaded the fixed package).

Ok, I will do that with the next upload - both testing and unstable
versions got uploaded yesterday to fix the security issue.

best regards,
Rene

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe.
Trouble? Contact [EMAIL PROTECTED]
Bug#292458: CVE Id
Rene Mayrhofer wrote:
> Hi Joey,
>
> On Friday 28 January 2005 07:28, Martin Schulze wrote:
> > Stack-based buffer overflow in the get_internal_addresses function in
> > the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x
> > before 2.3.0, when compiled XAUTH and PAM enabled, allows remote
> > authenticated attackers to execute arbitrary code.
>
> I still think that the bug is present in 2.3.0 too. At least I applied the
> patch also to this release - which has the same (flawed) definition of the
> src variable.

I'll forward this.

Regards,

Joey

--
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect.
Bug#292458: CVE Id
==
Candidate: CAN-2005-0162
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0162
Reference: IDEFENSE:20050126 Openswan XAUTH/PAM Buffer Overflow Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=190type=vulnerabilities

Stack-based buffer overflow in the get_internal_addresses function in
the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x
before 2.3.0, when compiled XAUTH and PAM enabled, allows remote
authenticated attackers to execute arbitrary code.

Please mention this id in the changelog (could be done with the next
upload if you've already uploaded the fixed package).

Regards,

Joey

--
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect.

Please always Cc to me when replying to me on the lists.