Openswan: Moderate Security Update Fix Arbitrary Code Execution Vulnerability

Users of Openswan please be advised of a Moderate security update fix arbitrary code execution vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

RHSA-2010:0892-01: [RHSA-2010:0892-01] Moderate: openswan security update

Product: Red Hat Enterprise Linux

Description:

Two buffer overflow flaws were found in the Openswan client-side XAUTH handling code used when connecting to certain Cisco gateways. A malicious or compromised VPN gateway could use these flaws to execute arbitrary code on the connecting Openswan client. (CVE-2010-3302, CVE-2010-3308) Two input sanitization flaws were found in the Openswan client-side handling of Cisco gateway banners. A malicious or compromised VPN gateway could use these flaws to execute arbitrary code on the connecting Openswan client. (CVE-2010-3752, CVE-2010-3753) Read more at www.criticalwatch.com

 

See this Amp at http://bit.ly/bEs5sA