CVE-2010-3302

Name of the Vulnerable Software and Affected Versions openswan versions 2.6.24 through 2.6.28 openswan-debuginfo versions 2.6.24 openswan-doc versions 2.6.24

Description The issue affects the confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely by an authenticated attacker. A buffer overflow in the client in Openswan might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long cisco dns info or cisco domain info data in a packet.

Recommendations For openswan versions 2.6.24 through 2.6.28, consider restricting access to the vulnerable xauth.c component in the client until a patch is available. For openswan-debuginfo version 2.6.24, restrict access to the vulnerable package to minimize the risk of exploitation. For openswan-doc version 2.6.24, avoid using the package until the issue is resolved. As a temporary workaround, consider disabling the cisco dns info and cisco domain info data in packets to prevent buffer overflow exploitation.