what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 2663-1

Debian Security Advisory 2663-1
Posted Apr 23, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2663-1 - Martin Schobert discovered a stack-based vulnerability in tinc, a virtual private network daemon.

tags | advisory
systems | linux, debian
advisories | CVE-2013-1428
SHA-256 | d27a46903652511fd9626681594a7256f7c929cb46999751f76c9fe419b659fb
Download | Favorite | View

Debian Security Advisory 2663-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2663-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
April 22, 2013                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tinc
Vulnerability  : stack based buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1428

Martin Schobert discovered a stack-based vulnerability in tinc, a virtual
private network daemon.

When packets are forwarded via TCP, packet length is not checked against
the stack buffer length. Authenticated peers could use this to crash the
tinc daemon and maybe execute arbitrary code.

Note that on Wheezy and Sid, tinc is built using hardening flags and
especially stack smashing protection, which should help protect against
arbitrary code execution.

For the stable distribution (squeeze), this problem has been fixed in
version 1.0.13-1+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 1.0.19-3.

For the unstable distribution (sid), this problem has been fixed in
version 1.0.19-3.

We recommend that you upgrade your tinc packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQEcBAEBCgAGBQJRdaZuAAoJEG3bU/KmdcClqMIH/0gueevwYrOuGpJ3A943ZgWT
B6R7uKlvMrZshmFQX9tvzFiT9YrTC5/oADF9ujo4abeMaODUhVBoXoFOGuWKV8iV
zi3ue09NNxhE5kyA6UQpaEnbamdIegP2cKfmte/s4PePO6tTSb2VpdbqvRGonKWK
R1kah9mUOwnZpr6S2hVlyEo3xzD4I+mK/v8Zpj5fy8U63e0vt9NIcB289UO9XaK2
mKHD82C8Y/80SJktRyqWtAfBrboVaggGyHH9OssU6F9SobFSGUWFaGo4HfpcQmdy
Lr5J0eVhEOk83nUpV908lWJRm4T+i9oOWmp/MMlCWO/UxnixBLNX3XTw1Y8dXjY=
=Ctrc
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close