Lucene search

K

[email protected]NVD:CVE-2013-2053

HistoryJul 09, 2013 - 5:55 p.m.

CVE-2013-2053

2013-07-0917:55:01

CWE-119

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.074 Low

EPSS

Percentile

94.1%

Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2052 and CVE-2013-2054.

Affected configurations

NVD

Node

xeleranceopenswanRange≤2.6.38

OR

xeleranceopenswanMatch2.6.01

OR

xeleranceopenswanMatch2.6.02

OR

xeleranceopenswanMatch2.6.03

OR

xeleranceopenswanMatch2.6.04

OR

xeleranceopenswanMatch2.6.05

OR

xeleranceopenswanMatch2.6.06

OR

xeleranceopenswanMatch2.6.07

OR

xeleranceopenswanMatch2.6.08

OR

xeleranceopenswanMatch2.6.09

OR

xeleranceopenswanMatch2.6.10

OR

xeleranceopenswanMatch2.6.11

OR

xeleranceopenswanMatch2.6.12

OR

xeleranceopenswanMatch2.6.13

OR

xeleranceopenswanMatch2.6.14

OR

xeleranceopenswanMatch2.6.15

OR

xeleranceopenswanMatch2.6.16

OR

xeleranceopenswanMatch2.6.17

OR

xeleranceopenswanMatch2.6.18

OR

xeleranceopenswanMatch2.6.19

OR

xeleranceopenswanMatch2.6.20

OR

xeleranceopenswanMatch2.6.21

OR

xeleranceopenswanMatch2.6.22

OR

xeleranceopenswanMatch2.6.23

OR

xeleranceopenswanMatch2.6.24

OR

xeleranceopenswanMatch2.6.25

OR

xeleranceopenswanMatch2.6.26

OR

xeleranceopenswanMatch2.6.27

OR

xeleranceopenswanMatch2.6.28

OR

xeleranceopenswanMatch2.6.29

OR

xeleranceopenswanMatch2.6.30

OR

xeleranceopenswanMatch2.6.31

OR

xeleranceopenswanMatch2.6.32

OR

xeleranceopenswanMatch2.6.33

OR

xeleranceopenswanMatch2.6.34

OR

xeleranceopenswanMatch2.6.35

OR

xeleranceopenswanMatch2.6.36

OR

xeleranceopenswanMatch2.6.37

References

lists.opensuse.org/opensuse-security-announce/2013-07/msg00008.html

rhn.redhat.com/errata/RHSA-2013-0827.html

www.debian.org/security/2014/dsa-2893

www.securityfocus.com/bid/59838

bugzilla.redhat.com/show_bug.cgi?id=960229

lists.libreswan.org/pipermail/swan-announce/2013/000003.html

www.openswan.org/news/13

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.074 Low

EPSS

Percentile

94.1%

Related for NVD:CVE-2013-2053

cvelist3 prion3 ubuntucve2 debiancve2 cve3 nvd2 nessus10 suse1 openvas13 oraclelinux1 centos1 veracode1 gentoo2 amazon1 redhat1 debian1 securityvulns2 osv1