Vulnerability Description
Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openswan | Openswan | <= 1.0.9 |
| Xelerance | Openswan | 2.3.0 |
References
- http://secunia.com/advisories/14038
- http://secunia.com/advisories/14062
- http://securitytracker.com/id?1013014
- http://www.idefense.com/application/poi/display?id=190&type=vulnerabilitiesPatchVendor Advisory
- http://www.openswan.org/support/vuln/IDEF0785/PatchVendor Advisory
- http://www.osvdb.org/13195
- http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00103.html
- http://www.securityfocus.com/bid/12377
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19078
- http://secunia.com/advisories/14038
- http://secunia.com/advisories/14062
- http://securitytracker.com/id?1013014
- http://www.idefense.com/application/poi/display?id=190&type=vulnerabilitiesPatchVendor Advisory
- http://www.openswan.org/support/vuln/IDEF0785/PatchVendor Advisory
- http://www.osvdb.org/13195
FAQ
What is CVE-2005-0162?
CVE-2005-0162 is a vulnerability with a CVSS score of 7.2 (HIGH). Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allo...
How severe is CVE-2005-0162?
CVE-2005-0162 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0162?
Check the references section above for vendor advisories and patch information. Affected products include: Openswan Openswan, Xelerance Openswan.