CVE-2005-0162

high

Description

Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/19078

http://www.securityfocus.com/bid/12377

http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00103.html

http://www.osvdb.org/13195

http://www.openswan.org/support/vuln/IDEF0785/

http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities

http://securitytracker.com/id?1013014

http://secunia.com/advisories/14062

http://secunia.com/advisories/14038

Details

Source: Mitre, NVD

Published: 2005-01-26

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

EPSS

EPSS: 0.04296