ID CVE-2018-16758
Summary Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.
References
Vulnerable Configurations
  • Tinc-VPN Tinc 1.0.17
    cpe:2.3:a:tinc-vpn:tinc:1.0.17
  • Tinc-VPN Tinc 1.0.18
    cpe:2.3:a:tinc-vpn:tinc:1.0.18
  • Tinc-VPN Tinc 1.0.19
    cpe:2.3:a:tinc-vpn:tinc:1.0.19
  • Tinc-VPN Tinc 1.0.20
    cpe:2.3:a:tinc-vpn:tinc:1.0.20
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_A4EB38EACC0611E8ADA4408D5CF35399.NASL
    description tinc-vpn.org reports : The authentication protocol allows an oracle attack that could potentially be exploited. If a man-in-the-middle has intercepted the TCP connection it might be able to force plaintext UDP packets between two nodes for up to a PingInterval period.
    last seen 2019-01-16
    modified 2019-01-15
    plugin id 118024
    published 2018-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118024
    title FreeBSD : tinc -- Buffer overflow (a4eb38ea-cc06-11e8-ada4-408d5cf35399)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4312.NASL
    description Several vulnerabilities were discovered in tinc, a Virtual Private Network (VPN) daemon. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-16738 Michael Yonli discovered a flaw in the implementation of the authentication protocol that could allow a remote attacker to establish an authenticated, one-way connection with another node. - CVE-2018-16758 Michael Yonli discovered that a man-in-the-middle that has intercepted a TCP connection might be able to disable encryption of UDP packets sent by a node.
    last seen 2019-01-16
    modified 2019-01-15
    plugin id 117958
    published 2018-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117958
    title Debian DSA-4312-1 : tinc - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-31C2A0B2EA.NASL
    description Security fix for CVE-2018-16737, CVE-2018-16738, CVE-2018-16758 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2019-01-15
    plugin id 120335
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120335
    title Fedora 28 : tinc (2018-31c2a0b2ea)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-AFAE5E8438.NASL
    description Security fix for CVE-2018-16737, CVE-2018-16738, CVE-2018-16758 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2019-01-15
    plugin id 120712
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120712
    title Fedora 29 : tinc (2018-afae5e8438)
refmap via4
confirm
debian DSA-4312
Last major update 10-10-2018 - 17:29
Published 10-10-2018 - 17:29
Last modified 14-01-2019 - 09:14
Back to Top