CVE-2010-2628

{"id": "CVE-2010-2628", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-08-20T18:00:02.187", "references": [{"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.3_snprintf.patch", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.4_snprintf.patch", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.5_snprintf.patch", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.6_snprintf.patch", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.4.0_snprintf.patch", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2010-08/msg00026.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/40956", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://trac.strongswan.org/projects/strongswan/wiki/441", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/42444", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1024338", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/2085", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/2086", "source": "cve@mitre.org"}, {"url": "https://bugzilla.novell.com/615915", "source": "cve@mitre.org"}, {"url": "https://lists.strongswan.org/pipermail/users/2010-August/005167.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows."}, {"lang": "es", "value": "El demonio IKE en strongSwan v4.3.x anterior a v4.3.7 y v4.4.x anterior a v4.4.1 no comprueba adecuadamente el valor devuelto de la llamada snprintf, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) certificado o (2) datos de identidad manipulados, que desencadenan un debordamiento de b\u00fafer"}], "lastModified": "2010-08-24T05:46:34.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "384C0CAE-8AC3-47AA-9F1C-9DE6779CA583"}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00BC4DA6-BFD1-43CF-B8B8-DACBF09E4721"}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEDBF811-7E48-4E99-AE05-FFC12AAF1CDF"}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83086A98-0F54-460E-929F-A32DCCC604A7"}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8421916C-B6D2-4771-8E59-7057ACC096E6"}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A76F8B29-E036-4895-8296-29FE49C34A34"}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "345E6CA4-A6E3-4A8B-9542-04D032956FCB"}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "693623FC-189E-478E-8426-292A9002AABA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}