Bug #1815

[v2.6] Vulnerability in tinc < 1.0.21 allows remote code execution

Added by Leonardo Arena about 6 years ago. Updated about 6 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Security
Target version:
Start date: 04/24/2013
Due date:
% Done: 100%
Estimated time: (Total: 0.00 h)
Affected versions:
Security IDs:

Description

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1428
http://www.tinc-vpn.org/pipermail/tinc/2013-April/003240.html

Because of a security vulnerability in tinc that was recently discovered, we
hereby release tinc versions 1.0.21 and 1.1pre7. Here is a summary of the
changes in tinc 1.0.21:

  • Drop packets forwarded via TCP if they are too big (CVE-2013-1428).

Here is a summary of the changes in tinc 1.1pre7:

  • Fixed large latencies on Windows.
  • Renamed the tincctl tool to tinc.
  • Simplified changing the configuration using the tinc tool.
  • Added a full description of the ExperimentalProtocol to the manual.
  • Drop packets forwarded via TCP if they are too big (CVE-2013-1428).

Thanks to Martin Schobert for auditing tinc and reporting the vulnerability.
He discovered a potential stack overflow that can be triggered by an
authenticated peer. This can be used to cause a tinc daemon to crash, or in the
worst case, it might be possible to execute code on another node as the user
running tincd. This bug has been present in all versions of tinc. All users of
tinc should upgrade to 1.0.21 or 1.1pre7 as soon as possible.


Subtasks

Bug #1816: [v2.5] Vulnerability in tinc < 1.0.21 allows remote code execution (Closed)

Bug #1817: [v2.4] Vulnerability in tinc < 1.0.21 allows remote code execution (Closed)

Bug #1818: [v2.3] Vulnerability in tinc < 1.0.21 allows remote code execution (Closed)

Bug #1819: [v2.2] Vulnerability in tinc < 1.0.21 allows remote code execution (Closed)

History

#2 Updated by Natanael Copa about 6 years ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from New to Resolved

#3 Updated by Bartłomiej Piotrowski about 6 years ago

  • Status changed from Resolved to Closed
