Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-2628 | First vendor Publication | 2010-08-20 |
Vendor | Cve | Last vendor Modification | 2010-08-24 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2628 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
67148 | strongSwan snprintf() Function Certificate / Identification Payload Remote Co... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | strongSwan Certificate and Identification payload overflow attempt RuleID : 19182 - Revision : 10 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_strongswan-100802.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_strongswan-100723.nasl - Type : ACT_GATHER_INFO |
2010-08-10 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_strongswan-100802.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:11:48 |
|
2021-04-22 01:12:23 |
|
2020-05-23 00:26:05 |
|
2016-04-26 19:56:59 |
|
2014-06-14 13:28:57 |
|
2014-02-17 10:56:22 |
|
2014-01-19 21:26:57 |
|
2013-05-10 23:28:40 |
|