QwikSec

Security Database

CVE

CWE

Training

CVE-2010-3752

Published: Oct 5, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_VUPEN

http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_SECTRACK

http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch

x_refsource_CONFIRM

http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.