Lucene search

FreeBSDA4EB38EA-CC06-11E8-ADA4-408D5CF35399

HistoryOct 08, 2018 - 12:00 a.m.

tinc -- Buffer overflow

2018-10-0800:00:00

vuxml.freebsd.org

475

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

tinc-vpn.org reports:

The authentication protocol allows an oracle attack that could
potentially be exploited.
If a man-in-the-middle has intercepted the TCP connection it
might be able to force plaintext UDP packets between two nodes for up to
a PingInterval period.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchtinc< 1.0.35UNKNOWN
FreeBSDanynoarchtinc-devel< 1.1pre17UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	tinc	< 1.0.35	UNKNOWN
FreeBSD	any	noarch	tinc-devel	< 1.1pre17	UNKNOWN

References

www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a

www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

Related for A4EB38EA-CC06-11E8-ADA4-408D5CF35399