Candidate: CVE-2010-3302
PublicDate: 2010-10-05 22:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3302
 http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt
Description:
 Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25
 through 2.6.28 might allow remote authenticated gateways to execute
 arbitrary code or cause a denial of service via long (1) cisco_dns_info or
 (2) cisco_domain_info data in a packet.
Ubuntu-Description:
Notes:
 mdeslaur> introduced in 2.6.25
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_openswan:
 upstream: http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch
 upstream: http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch
upstream_openswan: released (2.6.29)
dapper_openswan: ignored (reached end-of-life)
hardy_openswan: not-affected
jaunty_openswan: ignored (reached end-of-life)
karmic_openswan: ignored (reached end-of-life)
lucid_openswan: not-affected (1:2.6.23+dfsg-1ubuntu1)
maverick_openswan: ignored (reached end-of-life)
natty_openswan: not-affected (1:2.6.28+dfsg-2)
oneiric_openswan: not-affected (1:2.6.28+dfsg-2)
devel_openswan: not-affected (1:2.6.37-1)