Download
| Alert*
oval:org.secpod.oval:def:601547
tinc is installed oval:org.secpod.oval:def:601008 Martin Schobert discovered a stack-based vulnerability in tinc, a virtual private network daemon. When packets are forwarded via TCP, packet length is not checked against the stack buffer length. Authenticated peers could use this to crash the tinc daemon and maybe execute arbitrary code. Note that ... oval:org.secpod.oval:def:1900710 Prevent a MITM from forcing a NULL cipher for UDP oval:org.secpod.oval:def:53434 Several vulnerabilities were discovered in tinc, a Virtual Private Network daemon. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-16738 Michael Yonli discovered a flaw in the implementation of the authentication protocol that could allow a remote attack ... oval:org.secpod.oval:def:1901056 The authentication protocol allows an oracle attack that could potentially be exploited. oval:org.secpod.oval:def:603540 Several vulnerabilities were discovered in tinc, a Virtual Private Network daemon. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-16738 Michael Yonli discovered a flaw in the implementation of the authentication protocol that could allow a remote attack ... oval:org.secpod.oval:def:1901399 tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. |