Candidate: CVE-2010-3752
PublicDate: 2010-10-05 22:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3752
 http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt
Description:
 programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28
 allows remote authenticated gateways to execute arbitrary commands via
 shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in
 a packet, a different vulnerability than CVE-2010-3302.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_openswan:
 upstream: http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch
 upstream: http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch
upstream_openswan: released (2.6.29)
dapper_openswan: ignored (reached end-of-life)
hardy_openswan: not-affected
jaunty_openswan: ignored (reached end-of-life)
karmic_openswan: ignored (reached end-of-life)
lucid_openswan: not-affected (1:2.6.23+dfsg-1ubuntu1)
maverick_openswan: ignored (reached end-of-life)
natty_openswan: not-affected (1:2.6.28+dfsg-2)
oneiric_openswan: not-affected (1:2.6.28+dfsg-2)
devel_openswan: not-affected (1:2.6.37-1)