Candidate: CVE-2013-2053
PublicDate: 2013-07-09 17:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2053
 https://rhn.redhat.com/errata/RHSA-2013-0827.html
 https://lists.libreswan.org/pipermail/swan-announce/2013/000003.html
Description:
 Buffer overflow in the atodn function in Openswan before 2.6.39, when
 Opportunistic Encryption is enabled and an RSA key is being used, allows
 remote attackers to cause a denial of service (pluto IKE daemon crash) and
 possibly execute arbitrary code via crafted DNS TXT records. NOTE: this
 might be the same vulnerability as CVE-2013-2052 and CVE-2013-2054.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=960229
Priority: medium
Discovered-by: Florian Weimer
Assigned-to:
CVSS:

Patches_openswan:
 upstream: http://libreswan.org/security/CVE-2013-2053/
upstream_openswan: needs-triage
lucid_openswan: ignored (reached end-of-life)
precise_openswan: ignored (reached end-of-life)
precise/esm_openswan: DNE (precise was needed)
quantal_openswan: ignored (reached end-of-life)
raring_openswan: ignored (reached end-of-life)
saucy_openswan: ignored (reached end-of-life)
trusty_openswan: ignored (reached end-of-life)
trusty/esm_openswan: DNE (trusty was needed)
utopic_openswan: DNE
vivid_openswan: DNE
vivid/stable-phone-overlay_openswan: DNE
vivid/ubuntu-core_openswan: DNE
wily_openswan: DNE
xenial_openswan: DNE
yakkety_openswan: DNE
zesty_openswan: DNE
artful_openswan: DNE
bionic_openswan: DNE
cosmic_openswan: DNE
disco_openswan: DNE
devel_openswan: DNE