User: Password:
Subscribe / Log in / New account

tinc: code execution

Package(s):tinc CVE #(s):CVE-2013-1428
Created:April 23, 2013 Updated:May 15, 2013
Description: From the Debian advisory:

Martin Schobert discovered a stack-based vulnerability in tinc, a virtual private network daemon.

When packets are forwarded via TCP, packet length is not checked against the stack buffer length. Authenticated peers could use this to crash the tinc daemon and maybe execute arbitrary code.

Fedora FEDORA-2013-7128 tinc 2013-05-15
Fedora FEDORA-2013-7120 tinc 2013-05-15
Debian DSA-2663-1 tinc 2013-04-22

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds