CVE-2005-0162 - Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Open

CVE-2005-0162

Summary

Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code.

References

Vulnerable Configurations

cpe:2.3:a:openswan:openswan:*:*:*:*:*:*:*:*
cpe:2.3:a:openswan:openswan:*:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.3.0:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 29-07-2019 - 13:23)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	12377
confirm	http://www.openswan.org/support/vuln/IDEF0785/
fedora	FEDORA-2005-082
idefense	20050126 Openswan XAUTH/PAM Buffer Overflow Vulnerability
osvdb	13195
sectrack	1013014
secunia	14038 14062
xf	openswan-xauth-pam-bo(19078)

Last major update

29-07-2019 - 13:23

Published

26-01-2005 - 05:00

Last modified

29-07-2019 - 13:23