SB2013051702 - Input validation error in openswan (Alpine package)
Published: May 17, 2013
Security Bulletin ID
SB2013051702
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2013-2052)
The vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=59f82a99051677a0a8ffbd33585293f529cf627c
- https://git.alpinelinux.org/aports/commit/?id=d683fd4dd8ffe042856746069278555cdb19fb7e
- https://git.alpinelinux.org/aports/commit/?id=745c41c042b8f6bd865f5bc311ed900484adaae1
- https://git.alpinelinux.org/aports/commit/?id=ca6f0ad926d2fabed66a049927cea2eb176581da
- https://git.alpinelinux.org/aports/commit/?id=dd895219bdebd021153245cf40a0ba3c3da7e07c