5 matches found
Oracle: Security Advisory (ELSA-2010-0892)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Oracle Linux 6 : openswan (ELSA-2010-0892)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0892 advisory. 2.6.24-8.1: Resolves: 635058 CVE-2010-3302, CVE-2010-3308, CVE-2010-2752, CVE-2010-3753. Tenable has extracted the preceding description block directly from...
Scientific Linux Security Update : openswan on SL6.x i386/x86_64
Two buffer overflow flaws were found in the Openswan client-side XAUTH handling code used when connecting to certain Cisco gateways. A malicious or compromised VPN gateway could use these flaws to execute arbitrary code on the connecting Openswan client. CVE-2010-3302, CVE-2010-3308 Two input...
CVE-2010-3753
programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308...
CVE-2010-3753
CVE-2010-3753 affects the Openswan client (xauth.c) in Openswan 2.6.26–2.6.28, where remote authenticated gateways can trigger command execution via shell metacharacters in the cisco_banner/server_banner field. The root cause is improper input handling in the banner field, enabling arbitrary code...