Lucene search

[email protected]CVE-2005-0162

HistoryJan 29, 2005 - 5:00 a.m.

CVE-2005-0162

2005-01-2905:00:00

[email protected]

web.nvd.nist.gov

cve-2005-0162

stack-based buffer overflow

pluto application

openswan

remote code execution

xauth

pam

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

88.8%

JSON

Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code.

Affected configurations

NVD

Node

openswanopenswanRange≤1.0.9

xeleranceopenswanMatch2.3.0

CPENameOperatorVersion
openswan:openswanopenswanle1.0.9
xelerance:openswanxelerance openswaneq2.3.0

CPE	Name	Operator	Version
openswan:openswan	openswan	le	1.0.9
xelerance:openswan	xelerance openswan	eq	2.3.0

References

secunia.com/advisories/14038

secunia.com/advisories/14062

securitytracker.com/id?1013014

www.idefense.com/application/poi/display?id=190&type=vulnerabilities

www.openswan.org/support/vuln/IDEF0785/

www.osvdb.org/13195

www.redhat.com/archives/fedora-announce-list/2005-January/msg00103.html

www.securityfocus.com/bid/12377

exchange.xforce.ibmcloud.com/vulnerabilities/19078

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

88.8%

JSON

Related for CVE-2005-0162

cvelist1 nvd1 ubuntucve1 nessus1