20 matches found
EUVD-2014-2089
Malware in sbrugna...
EUVD-2010-3731
Malware in sbrugna...
EUVD-2015-3296
Malware in sbrugna...
EUVD-2011-4025
Malware in sbrugna...
EUVD-2018-7694
Malware in sbrugna...
EUVD-2011-3343
Malware in sbrugna...
EUVD-2010-3732
Malware in sbrugna...
EUVD-2013-6270
Malware in sbrugna...
EUVD-2011-2139
Malware in sbrugna...
SUSE CVE-2004-0590
FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS7 certificates in which a self-signed certificate identifies an alternate...
SUSE CVE-2010-3752
programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302...
SUSE CVE-2010-3753
programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308...
PT-2015-6117 · Libreswan +4
Name of the Vulnerable Software and Affected Versions: libreswan versions prior to 3.15; Openswan versions prior to 2.6.45. Description: The issue allows remote attackers to cause a denial of service, resulting in an assertion failure and daemon restart. This occurs when a zero DH g^x value is...
CVE-2014-2037
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6466...
CVE-2010-3752
The CVE entry concerns Openswan, specifically the client-side xauth processing in openswan 2.6.25–2.6.28, where remote authenticated gateways could cause remote code execution via shell metacharacters embedded in Cisco-related data fields (cisco_dns_info and cisco_domain_info). Public references ...
CVE-2008-4190
The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream...
CVE-2005-0162
Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code...
iDEFENSE Security Advisory 01.26.05: Openswan XAUTH/PAM Buffer Overflow Vulnerability
Openswan XAUTH/PAM Buffer Overflow Vulnerability iDEFENSE Security Advisory 01.26.05 www.idefense.com/application/poi/display?id=190&type=vulnerabilities January 26, 2005 I. BACKGROUND Openswan is an open source implementation of IPSEC for the Linux Operating System. Openswan is based on the...