[v2.6] Vulnerability in tinc < 1.0.21 allows remote code execution
Because of a security vulnerability in tinc that was recently discovered, we
hereby release tinc versions 1.0.21 and 1.1pre7. Here is a summary of the
changes in tinc 1.0.21:
- Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
Here is a summary of the changes in tinc 1.1pre7:
- Fixed large latencies on Windows. * Renamed the tincctl tool to tinc. * Simplified changing the configuration using the tinc tool. * Added a full description of the ExperimentalProtocol to the manual. * Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
Thanks to Martin Schobert for auditing tinc and reporting the vulnerability.
He discovered a potential stack overflow that can be triggered by an
authenticated peer. This can be used to cause a tinc daemon to crash, or in the
worst case, it might be possible to execute code on another node as the user
running tincd. This bug has been present in all versions of tinc. All users of
tinc should upgrade to 1.0.21 or 1.1pre7 as soon as possible.