oss-sec mailing list archives
Re: CVE request: openconnect buffer overflow
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 12 Feb 2013 14:28:48 -0700
On 02/11/2013 12:52 PM, Florian Weimer wrote:

> Kevin Cernekee discovered that a malicious VPN gateway can send a very long hostname/path (for redirects) or cookie list (in general), which OpenConnect will attempt to write on a fixed length buffer.
>
> Upstream commit: <http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/26f752c3dbf69227679fc6bebb4ae071aecec491>
>
> This needs a CVE name from 2012.

Please use CVE-2012-6128 for this issue.

It should be noted that this can be executed by a man in the middle attacker (which is exactly why you're using a VPN usually =).

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993