Bug 960229 (CVE-2013-2053)
| Summary: | CVE-2013-2053 Openswan: remote buffer overflow in atodn() | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | eparis, omoris, pwouters, rcvalle, security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2013-05-15 18:15:14 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 960232, 960233, 960234, 960235, 1014370 | | |
| Bug Blocks: | 960231 | | |

Description
Kurt Seifried
2013-05-06 18:38:41 UTC
This issue requires root level access to modify the configuration of the system in order for it to be vulnerable; this changes the CVSS2 score from 10.0 to 7.6, which also brings the bug impact down to important from critical.

Acknowledgements: This issue was discovered by Florian Weimer of the Red Hat Product Security Team.

Patches for openswan (from upstream libreswan) are available at http://libreswan.org/security/CVE-2013-2053/

External References: https://lists.libreswan.org/pipermail/swan-announce/2013/000003.html

Those are the same as the ones I put in the RHEL packages.

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2013:0827 https://rhn.redhat.com/errata/RHSA-2013-0827.html