Vulnerability Name: | CVE-2010-3752 (CCN-62194) | ||||||||||||||||
Assigned: | 2010-09-27 | ||||||||||||||||
Published: | 2010-09-27 | ||||||||||||||||
Updated: | 2019-07-29 | ||||||||||||||||
Summary: | programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302. | ||||||||||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||
CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P) 4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.3 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||||||||||
Vulnerability Type: | CWE-78 | ||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2010-3752 Source: MITRE Type: CNA CVE-2010-3753 Source: CCN Type: RHSA-2010-0892 Moderate: openswan security update Source: CCN Type: SA41689 Openswan XAUTH Multiple Vulnerabilities Source: CCN Type: SECTRACK ID: 1024749 Openswan Buffer Overflows Let Remote Authenticated Gateways Execute Arbitrary Code Source: CCN Type: Openswan Web site Openswan Source: CONFIRM Type: Vendor Advisory http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt Source: CONFIRM Type: Patch http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch Source: CONFIRM Type: Patch http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch Source: REDHAT Type: UNKNOWN RHSA-2010:0892 Source: BID Type: UNKNOWN 43588 Source: CCN Type: BID-43588 Openswan 'XAUTH' Remote Buffer Overflow and Command Injection Vulnerabilities Source: SECTRACK Type: UNKNOWN 1024749 Source: VUPEN Type: Vendor Advisory ADV-2010-2526 Source: XF Type: UNKNOWN openswan-ciscodns-command-execution(62194) | ||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: ![]() | ||||||||||||||||
Oval Definitions | |||||||||||||||||
| |||||||||||||||||
BACK |