Openswan: Moderate Security Update Fixes Arbitrary Code Execution Vulnerability

Users of Openswan, please be advised that a Moderate security update that fixes an arbitrary code execution vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

RHSA-2010:0892-01: [RHSA-2010:0892-01] Moderate: openswan security update
Product: Red Hat Enterprise Linux
Description:
Two buffer overflow flaws were found in the Openswan client-side XAUTH handling code used when connecting to certain Cisco gateways. A malicious or compromised VPN gateway could use these flaws to execute arbitrary code on the connecting Openswan client. (CVE-2010-3302, CVE-2010-3308)

Two input sanitization flaws were found in the Openswan client-side handling of Cisco gateway banners. A malicious or compromised VPN gateway could use these flaws to execute arbitrary code on the connecting Openswan client. (CVE-2010-3752, CVE-2010-3753)

Read more at http://www.criticalwatch.com

 
