admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-12 02:04:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2010/CVE-2010-26xx/CVE-2010-2628.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

281 lines
8.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2010-2628",
"sourceIdentifier": "cve@mitre.org",
"published": "2010-08-20T18:00:02.187",
"lastModified": "2024-11-21T01:17:02.350",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows."
},
{
"lang": "es",
"value": "El demonio IKE en strongSwan v4.3.x anterior a v4.3.7 y v4.4.x anterior a v4.4.1 no comprueba adecuadamente el valor devuelto de la llamada snprintf, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) certificado o (2) datos de identidad manipulados, que desencadenan un debordamiento de b\u00fafer"
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "384C0CAE-8AC3-47AA-9F1C-9DE6779CA583"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00BC4DA6-BFD1-43CF-B8B8-DACBF09E4721"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDBF811-7E48-4E99-AE05-FFC12AAF1CDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83086A98-0F54-460E-929F-A32DCCC604A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8421916C-B6D2-4771-8E59-7057ACC096E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A76F8B29-E036-4895-8296-29FE49C34A34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "345E6CA4-A6E3-4A8B-9542-04D032956FCB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strongswan:strongswan:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "693623FC-189E-478E-8426-292A9002AABA"
}
]
}
]
}
],
"references": [
{
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.3_snprintf.patch",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.4_snprintf.patch",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.5_snprintf.patch",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.6_snprintf.patch",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.4.0_snprintf.patch",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2010-08/msg00026.html",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/40956",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://trac.strongswan.org/projects/strongswan/wiki/441",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/42444",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "http://www.securitytracker.com/id?1024338",
"source": "cve@mitre.org"
},
{
"url": "http://www.vupen.com/english/advisories/2010/2085",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://www.vupen.com/english/advisories/2010/2086",
"source": "cve@mitre.org"
},
{
"url": "https://bugzilla.novell.com/615915",
"source": "cve@mitre.org"
},
{
"url": "https://lists.strongswan.org/pipermail/users/2010-August/005167.html",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.3_snprintf.patch",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.4_snprintf.patch",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.5_snprintf.patch",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.6_snprintf.patch",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.4.0_snprintf.patch",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2010-08/msg00026.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://secunia.com/advisories/40956",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://trac.strongswan.org/projects/strongswan/wiki/441",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.securityfocus.com/bid/42444",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "http://www.securitytracker.com/id?1024338",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.vupen.com/english/advisories/2010/2085",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://www.vupen.com/english/advisories/2010/2086",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://bugzilla.novell.com/615915",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.strongswan.org/pipermail/users/2010-August/005167.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink