strongSwan IETF Attribute or Identification Parsing Multiple Remote Code Execution Vulnerabilities

strongSwan is prone to multiple remote code-execution vulnerabilities because it uses the 'snprintf()' function in an insecure manner.

Attackers can leverage these issues to execute arbitrary code in the context of the application. Failed attacks will likely result in denial-of-service conditions. Successful attacks will completely compromise the affected computer.

These issues were introduced in strongSwan 4.3.3, and fixed in strongSwan 4.3.7 and 4.4.1.
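The following C sketch is an added illustration, not strongSwan's code and not part of the original advisory. The advisory does not describe the misuse, so the sketch assumes the common insecure pattern in which the return value of 'snprintf()' (the length the output would have had) is treated as the number of bytes written, and shows it beside a checked form. The names `cursor`, `unchecked_left`, `append_str` and `join_parts` are hypothetical and the input strings are constructed.

```c
#include <stdio.h>

/* Hypothetical write cursor into a fixed-size output buffer. */
struct cursor { char *pos; size_t left; int truncated; };

/* Insecure bookkeeping, arithmetic only (nothing is written): treating the
 * return value as "bytes written" makes the unsigned length wrap around. */
static size_t unchecked_left(size_t left, const char *s)
{
    int n = snprintf(NULL, 0, "%s", s);  /* length the output would have */
    return left - (size_t)n;             /* wraps when n > left */
}

/* Hardened append: advance only after confirming the output fitted. */
static void append_str(struct cursor *c, const char *s)
{
    int n;
    if (c->truncated)
        return;
    n = snprintf(c->pos, c->left, "%s", s);
    if (n < 0 || (size_t)n >= c->left) {
        if (n < 0)
            *c->pos = '\0';   /* encoding error: keep what was built so far */
        c->truncated = 1;     /* on truncation snprintf already wrote the NUL */
        return;
    }
    c->pos += n;
    c->left -= (size_t)n;
}

/* Join parts into buf; returns 0 if everything fitted, -1 if truncated. */
static int join_parts(char *buf, size_t size, const char *const *parts, size_t count)
{
    struct cursor c = { buf, size, 0 };
    if (size == 0)
        return -1;
    buf[0] = '\0';
    for (size_t i = 0; i < count; i++)
        append_str(&c, parts[i]);
    return c.truncated ? -1 : 0;
}

int main(void)
{
    const char *parts[] = { "C=CH, ", "O=example, ", "CN=test" };  /* constructed */
    char buf[8];
    int rc = join_parts(buf, sizeof(buf), parts, 3);
    printf("rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

With the 8-byte buffer the checked form stops at the second part and reports truncation, while the unchecked arithmetic for the same step yields a remaining length far larger than the buffer.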


 

Copyright 2010, SecurityFocus