Описание
programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 1:2.6.37-1 |
| hardy | not-affected | |
| jaunty | ignored | end of life |
| karmic | ignored | end of life |
| lucid | not-affected | 1:2.6.23+dfsg-1ubuntu1 |
| maverick | ignored | end of life |
| natty | not-affected | 1:2.6.28+dfsg-2 |
| oneiric | not-affected | 1:2.6.28+dfsg-2 |
| upstream | released | 2.6.29 |
Показывать по
EPSS
6.5 Medium
CVSS2
Связанные уязвимости
programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308.
programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308.
programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 ...
programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308.
EPSS
6.5 Medium
CVSS2