Bug 955705 (CVE-2013-1428)

Summary: CVE-2013-1428 tinc: Stack-based buffer overflow when processing overly long TCP packets
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: mail
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: tinc-1.0.21, tinc-1.1pre7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-06-27 19:16:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 955707    
Bug Blocks:    

Description Jan Lieskovsky 2013-04-23 14:55:54 UTC 
A stack-based buffer overflow flaw was found in the way Tinc, a virtual private network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet, processed certain TCP packets. A remote, authenticated attacker could send a specially-crafted TCP packet that, when processed would lead to tincd daemon termination (denial of service).

References:
[1] http://www.tinc-vpn.org/news/
[2] http://www.tinc-vpn.org/pipermail/tinc/2013-April/003240.html
[3] https://bugs.gentoo.org/show_bug.cgi?id=466904
[4] https://secunia.com/advisories/53108/

Relevant upstream patch:
[5] http://www.tinc-vpn.org/git/browse?p=tinc;a=commitdiff;h=17a33dfd95b1a29e90db76414eb9622df9632320
Comment 1 Jan Lieskovsky 2013-04-23 14:57:58 UTC 
This issue affects the versions of the tinc package, as shipped with Fedora release of 17 and 18. Please schedule an update.
Comment 2 Jan Lieskovsky 2013-04-23 14:59:06 UTC 
Created tinc tracking bugs for this issue

Affects: fedora-all [bug 955707]
Comment 4 Jan Lieskovsky 2013-04-23 15:13:25 UTC 
Sitsec Blog advisory:
[6] http://www.sitsec.net/blog/2013/04/22/stack-based-buffer-overflow-in-the-vpn-software-tinc-for-authenticated-peers/

Reproducer:
[7] http://www.sitsec.net/files/tinc-poc.py
Comment 6 Fedora Update System 2013-05-15 03:24:03 UTC 
tinc-1.0.21-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2013-05-15 03:33:55 UTC 
tinc-1.0.21-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2013-05-24 20:17:23 UTC 
tinc-1.0.21-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.