Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2012-6128
Last Modified 06 Feb 2014 11:44:01
Published 24 Feb 2013 02:55:01
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-6128

Summary

Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response.

Vulnerable Systems

Application

  • Infradead Openconnect 1.00

  • Infradead Openconnect 1.10

  • Infradead Openconnect 1.20

  • Infradead Openconnect 1.30

  • Infradead Openconnect 1.40

  • Infradead Openconnect 2.00

  • Infradead Openconnect 2.01

  • Infradead Openconnect 2.10

  • Infradead Openconnect 2.11

  • Infradead Openconnect 2.12

  • Infradead Openconnect 2.20

  • Infradead Openconnect 2.21

  • Infradead Openconnect 2.22

  • Infradead Openconnect 2.23

  • Infradead Openconnect 2.24

  • Infradead Openconnect 2.25

  • Infradead Openconnect 2.26

  • Infradead Openconnect 3.00

  • Infradead Openconnect 3.01

  • Infradead Openconnect 3.02

  • Infradead Openconnect 3.11

  • Infradead Openconnect 3.12

  • Infradead Openconnect 3.13

  • Infradead Openconnect 3.14

  • Infradead Openconnect 3.15

  • Infradead Openconnect 3.16

  • Infradead Openconnect 3.17

  • Infradead Openconnect 3.18

  • Infradead Openconnect 3.19

  • Infradead Openconnect 3.20

  • Infradead Openconnect 3.99

  • Infradead Openconnect 4.00

  • Infradead Openconnect 4.01

  • Infradead Openconnect 4.02

  • Infradead Openconnect 4.03

  • Infradead Openconnect 4.04

  • Infradead Openconnect 4.05

  • Infradead Openconnect 4.06

  • Infradead Openconnect 4.07


References

XF - openconnect-vpngateway-bo(82058)

BID - 57884

MLIST - [oss-security] 20130212 Re: CVE request: openconnect buffer overflow

CONFIRM - http://www.infradead.org/openconnect/changelog.html

DEBIAN - DSA-2623

CONFIRM - http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/26f752c3dbf69227679fc6bebb4ae071aecec491

SUSE - openSUSE-SU-2013:0979

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0060

MANDRIVA - MDVSA-2013:108


Last Updated: 27 May 2016 11:01:56