Bug 955705 (CVE-2013-1428)

Summary: CVE-2013-1428 tinc: Stack-based buffer overflow when processing overly long TCP packets
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: mail
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,public=20130422,reported=20130419,source=distros,cvss2=4.0/AV:N/AC:L/Au:S/C:N/I:N/A:P,fedora-all/tinc=affected,cwe=CWE-121[auto]
Fixed In Version: tinc-1.0.21, tinc-1.1pre7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-06-27 15:16:03 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 955707    
Bug Blocks:    

Description Jan Lieskovsky 2013-04-23 10:55:54 EDT
A stack-based buffer overflow flaw was found in the way Tinc, a virtual private network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet, processed certain TCP packets. A remote, authenticated attacker could send a specially-crafted TCP packet that, when processed would lead to tincd daemon termination (denial of service).

References:
[1] http://www.tinc-vpn.org/news/
[2] http://www.tinc-vpn.org/pipermail/tinc/2013-April/003240.html
[3] https://bugs.gentoo.org/show_bug.cgi?id=466904
[4] https://secunia.com/advisories/53108/

Relevant upstream patch:
[5] http://www.tinc-vpn.org/git/browse?p=tinc;a=commitdiff;h=17a33dfd95b1a29e90db76414eb9622df9632320
Comment 1 Jan Lieskovsky 2013-04-23 10:57:58 EDT
This issue affects the versions of the tinc package, as shipped with Fedora release of 17 and 18. Please schedule an update.
Comment 2 Jan Lieskovsky 2013-04-23 10:59:06 EDT
Created tinc tracking bugs for this issue

Affects: fedora-all [bug 955707]
Comment 6 Fedora Update System 2013-05-14 23:24:03 EDT
tinc-1.0.21-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2013-05-14 23:33:55 EDT
tinc-1.0.21-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2013-05-24 16:17:23 EDT
tinc-1.0.21-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.