A stack-based buffer overflow flaw was found in the way Tinc, a virtual private network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet, processed certain TCP packets. A remote, authenticated attacker could send a specially-crafted TCP packet that, when processed would lead to tincd daemon termination (denial of service). References: [1] http://www.tinc-vpn.org/news/ [2] http://www.tinc-vpn.org/pipermail/tinc/2013-April/003240.html [3] https://bugs.gentoo.org/show_bug.cgi?id=466904 [4] https://secunia.com/advisories/53108/ Relevant upstream patch: [5] http://www.tinc-vpn.org/git/browse?p=tinc;a=commitdiff;h=17a33dfd95b1a29e90db76414eb9622df9632320
This issue affects the versions of the tinc package, as shipped with Fedora release of 17 and 18. Please schedule an update.
Created tinc tracking bugs for this issue Affects: fedora-all [bug 955707]
Sitsec Blog advisory: [6] http://www.sitsec.net/blog/2013/04/22/stack-based-buffer-overflow-in-the-vpn-software-tinc-for-authenticated-peers/ Reproducer: [7] http://www.sitsec.net/files/tinc-poc.py
tinc-1.0.21-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
tinc-1.0.21-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
tinc-1.0.21-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.