CVE-2010-3753

Name of the Vulnerable Software and Affected Versions Openswan versions 2.6.24 through 2.6.28 Openswan-debuginfo versions 2.6.24 Openswan-doc versions 2.6.24

Description The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely by an authenticated attacker. The vulnerability in the client in Openswan allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco banner (aka server banner) field in the xauth.c file.

Recommendations For Openswan versions 2.6.24 through 2.6.28, consider disabling the vulnerable function until a patch is available. For Openswan-debuginfo versions 2.6.24, restrict access to the vulnerable module to minimize the risk of exploitation. For Openswan-doc versions 2.6.24, avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.