Vulnerability Description
Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in a policy (.tgb) file, related to "phase 2."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Thegreenbow | Ipsec Vpn Client | 4.51.001 |
Related Weaknesses (CWE)
References
- http://osvdb.org/61866
- http://secunia.com/advisories/38262Vendor Advisory
- http://www.securityfocus.com/archive/1/509091/100/0/threaded
- http://www.securityfocus.com/bid/40387
- http://www.senseofsecurity.com.au/advisories/SOS-10-001PatchURL Repurposed
- http://www.thegreenbow.com/download.php?id=1000150Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55793
- http://osvdb.org/61866
- http://secunia.com/advisories/38262Vendor Advisory
- http://www.securityfocus.com/archive/1/509091/100/0/threaded
- http://www.securityfocus.com/bid/40387
- http://www.senseofsecurity.com.au/advisories/SOS-10-001PatchURL Repurposed
- http://www.thegreenbow.com/download.php?id=1000150Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55793
FAQ
What is CVE-2010-0392?
CVE-2010-0392 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long O...
How severe is CVE-2010-0392?
CVE-2010-0392 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0392?
Check the references section above for vendor advisories and patch information. Affected products include: Thegreenbow Ipsec Vpn Client.