Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Openswan XAUTH远程溢出和命令注入漏洞
Vulnerability Description
Xelerance Openswan是加拿大Xelerance公司的一个基于FreeS/WAN项目的用于Linux系统下的IPSEC实现,它主要用于保证数据传输中的安全性、完整性等问题。 Openswan的XAUTH Cisco处理代码中存在多个安全漏洞。当openswan连接到恶意网关时,cisco_dns_info和cisco_domain_info声明为固定长度的缓冲区。如果在单个报文中发送了足够多的DNS负载,就会溢出这个缓冲区;此外未经过滤这些字段中的恶意字符便拷贝到了fmt_common_sh
CVSS Information
N/A
Vulnerability Type
N/A