[v2.3] Vulnerability in tinc < 1.0.21 allows remote code execution
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1428
http://www.tinc-vpn.org/pipermail/tinc/2013-April/003240.html
Because of a security vulnerability in tinc that was recently
discovered, we
hereby release tinc versions 1.0.21 and 1.1pre7. Here is a summary of
the
changes in tinc 1.0.21:
* Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
Here is a summary of the changes in tinc 1.1pre7:
* Fixed large latencies on Windows.
* Renamed the tincctl tool to tinc.
* Simplified changing the configuration using the tinc tool.
* Added a full description of the ExperimentalProtocol to the manual.
* Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
Thanks to Martin Schobert for auditing tinc and reporting the
vulnerability.
He discovered a potential stack overflow that can be triggered by an
authenticated peer. This can be used to cause a tinc daemon to crash, or
in the
worst case, it might be possible to execute code on another node as the
user
running tincd. This bug has been present in all versions of tinc. All
users of
tinc should upgrade to 1.0.21 or 1.1pre7 as soon as possible.
(from redmine: issue id 1818, created on 2013-04-24, closed on 2013-05-03)
- Relations:
- parent #1815 (closed)
- Changesets:
- Revision 521799bf by Natanael Copa on 2013-04-25T10:55:47Z:
main/tinc: security upgrade to 1.0.21 (CVE-2013-1428)
fixes #1818