CVE-2013-1428

Published: 26/04/2013 Updated: 01/12/2013
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc prior to 1.0.21 and 1.1 prior to 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet.

Vulnerable Product

tinc-vpn tinc 1.0.18

tinc-vpn tinc 1.0.17

tinc-vpn tinc

tinc-vpn tinc 1.0.19

tinc-vpn tinc 1.1

Vendor Advisories

Martin Schobert discovered a stack-based vulnerability in tinc, a Virtual Private Network (VPN) daemon. When packets are forwarded via TCP, packet length is not checked against the stack buffer length. Authenticated peers could use this to crash the tinc daemon and maybe execute arbitrary code. Note that on Wheezy and Sid, tinc is built using harde ...

Exploits

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'securerandom'

class Metasploit3 < Msf::Exploit::Remote
  Rank = AverageRanking

  include Msf::Exploit::EXE
  include Msf::Exploit::Remote::TincdExploitClient

  def initialize(inf ...