PT-2010-2175 · Thegreenbow · Thegreenbow Ipsec Vpn Client

Brett Gervasoni · Published 2010-01-26 · Updated 2024-02-14 · CVE-2010-0392

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: TheGreenBow IPSec VPN Client versions 4.51.001 through 4.65.003

Description: A stack-based buffer overflow allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in a policy (.tgb) file. The issue is related to the "phase 2" part of the software.

Recommendations: For versions 4.51.001 through 4.65.003, avoid using long OpenScriptAfterUp parameters in policy (.tgb) files to minimize the risk of exploitation. As a temporary workaround, consider restricting the use of the OpenScriptAfterUp parameter in the affected policy files until a patch is available.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2010-0392

Affected Products: Thegreenbow Ipsec Vpn Client